Windows Analysis Report
winrar-x64-620b2.exe

Overview

General Information

Sample name:winrar-x64-620b2.exe
Analysis ID:1417804
MD5:efa2c65ab75028a909740e99763d1acb
SHA1:688970c4b44da217a4312404303c312d33602b21
SHA256:5c07ed55846b6418cdcb02ae6ef96c0448cc2fd457179d6072a051ecb0e15909
Tags:exe
Infos:

Detection

Score:40
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Found direct / indirect Syscall (likely to bypass EDR)
Installs a global event hook (focus changed)
PE file has a writeable .text section
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • winrar-x64-620b2.exe (PID: 6692 cmdline: "C:\Users\user\Desktop\winrar-x64-620b2.exe" MD5: EFA2C65AB75028A909740E99763D1ACB)
    • winrar-x64-620b2.tmp (PID: 4144 cmdline: "C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp" /SL5="$20456,7896458,780800,C:\Users\user\Desktop\winrar-x64-620b2.exe" MD5: FD9446F7F5062FF6D90110D83B5814C2)
      • setup.exe (PID: 5456 cmdline: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe" MD5: 3287172FF65AD8CDEEC8FDEC30F8D393)
        • set_0.exe (PID: 6968 cmdline: "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --silent --allusers=0 MD5: 63BF5E3553D023DA35C365109C3AEDCF)
          • set_0.exe (PID: 5396 cmdline: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c3a623c,0x6c3a6248,0x6c3a6254 MD5: 63BF5E3553D023DA35C365109C3AEDCF)
          • set_0.exe (PID: 6504 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe" --version MD5: 63BF5E3553D023DA35C365109C3AEDCF)
          • set_0.exe (PID: 3568 cmdline: "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6968 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240330173821" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0406000000000000 MD5: 63BF5E3553D023DA35C365109C3AEDCF)
            • set_0.exe (PID: 5280 cmdline: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6b74623c,0x6b746248,0x6b746254 MD5: 63BF5E3553D023DA35C365109C3AEDCF)
            • installer.exe (PID: 5676 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=6968 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79 MD5: 21AD4599ABD2E158DB5128F32D3CC4EE)
              • installer.exe (PID: 2764 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c4,0x2c8,0x2cc,0x29c,0x2d0,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198 MD5: 21AD4599ABD2E158DB5128F32D3CC4EE)
              • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
              • zRLeaVuwHZUsAJ.exe (PID: 5880 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 5840 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 3496 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 5628 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 6428 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 7140 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 6128 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 984 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 5988 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 1352 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 3176 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 6648 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 5428 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 6512 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 5488 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 1472 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 384 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 5440 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 4068 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 6688 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • zRLeaVuwHZUsAJ.exe (PID: 3136 cmdline: "C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 3144 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe" MD5: E9A2209B61F4BE34F25069A6E54AFFEA)
          • assistant_installer.exe (PID: 6612 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --version MD5: 4C8FBED0044DA34AD25F781C3D117A66)
            • assistant_installer.exe (PID: 6304 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x9f4f48,0x9f4f58,0x9f4f64 MD5: 4C8FBED0044DA34AD25F781C3D117A66)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: winrar-x64-620b2.exeAvira: detected
Source: http://aa.lockstart.host/ww.php?p=2268&t=46134022&title=UmVhbCBGaWxlcw==LAvira URL Cloud: Label: malware
Source: winrar-x64-620b2.exeReversingLabs: Detection: 86%
Source: winrar-x64-620b2.exeVirustotal: Detection: 73%
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_cf79b236-6
Source: winrar-x64-620b2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeWindow detected: &Next >CancelReal Files Real FilesLicense AgreementPlease review the license terms before installing Real Files.Press Page Down to see the rest of the agreement.Welcome this is an important message and license agreement so please read all below carefully. Real Files is financed by advertisement. By clicking Accept you will continue with the installation of Real Files and the offers listed below.Get an unparalleled gaming and browsing experience on mobile and desktop with OperaGX. Set limits on CPU RAM and Network usage use Discord & Twitch from the sidebar and connect mobile and desktop browsers with the file-sharing Flow feature. By clicking "Accept" I agree to the EULA <https://legal.opera.com/eula/computers/> Privacy Policy <https://legal.opera.com/privacy/> and consent to install.Browser is fast and secure web browser which does not collect your usage data.By clicking "Accept" I agree to the EULA <https://www.inlogbrowser.com/eula.txt> Privacy Policy <https://www.inlogbrowser.com/pp.txt> and consent to install Inlog Browser. This program can be removed at anytime in Windows Add/Remove Programs.AdBlock Fast gives you the ability to block ads in exchange for a small amount of your unused processing power storage and bandwidth managed by Massive. You can monitor and control this resource use anytime by choosing Resource usage from the app menu. Your idle computing resources such as CPU GPU and Network bandwidth are used to perform business intelligence research run scientific simulations and perform other distributed tasks which may increase electricity consumption or decrease battery life (see Massive's FAQ <https://www.joinmassive.com/faq> for details potential risks and their mitigation). 
Pressing "I agree" indicates that you agree to Massive's license <https://adblockfast.com/license/> and Privacy Policy <https://www.iubenda.com/privacy-policy/216992>.for Youtube - Say Goodbye to annoying ads in videos and websites with our free Adblocker.YouTube Adblocker is a cutting-edge adblocking solution designed to provide users with uninterrupted and seamless viewing experiences on the popular video-sharing platform YouTube. By clicking "Accept" I agree to the EULA <https://clearplaytube.com/eula> and consent to install.proxy service to protect your privacy. Accept the EULA <https://www.termsfeed.com/live/4bb495ca-d123-4f4d-a727-e9c4d0f3fabe> by pressing "Agree". By proceeding with the installation you agree to the EULA <https://digitalpulsedata.com/tos> grant Digital Pulse permission to occasionally utilize the available resources of your device and IP address to retrieve public web data from the Internet. Digital Pulse highly regards your trust and prioritizes safeguarding your privacy and personal data. To ensure your safety Digital Pulse comprehends the security implications involved in sharing your IP address and diligently monitors all network traffic. Your IP address will solely be used for authorized business purposes and never
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240330173821471.log
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240330173822509.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeFile created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240330173850.log
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240330173926631.log
Source: winrar-x64-620b2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000000.2547130076.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2548205524.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2549972447.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\notification_helper.exe.pdb source: notification_helper.exe.8.dr
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000E.00000000.2900377829.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000002.3112670826.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3122600895.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000000.2903274000.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: .exe.pdbp source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: _lib.dll.pdb`, source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zRLeaVuwHZUsAJ.exe, 00000013.00000002.3246424123.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000014.00000000.2937113143.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000015.00000000.2939422423.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000016.00000000.2940803812.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000017.00000002.3247158200.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000018.00000002.3243388979.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000019.00000000.2944437156.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001A.00000002.3242711532.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001B.00000000.2946551337.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001C.00000000.2947484119.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001D.00000000.2948022686.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001E.00000002.3232254734.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001F.00000002.3237271292.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000020.00000002.3242821660.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000021.00000002.3243418700.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000022.00000000.2954401522.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000023.00000002.3243339222.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 
00000024.00000002.3244029994.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000025.00000000.2959860580.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000026.00000000.2965274536.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000027.00000000.2966841955.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: _lib.dll.pdb source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: set_0.exe, 00000005.00000002.3143372418.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.00000000007D1000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: .exe.pdb source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000000.2547130076.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2548205524.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2549972447.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_00405E61 FindFirstFileA,FindClose,3_2_00405E61
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_0040263E FindFirstFileA,3_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,11_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,11_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008A9120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,12_2_008A9120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00939AE2 FindFirstFileExW,12_2_00939AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008A9120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,13_2_008A9120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00939AE2 FindFirstFileExW,13_2_00939AE2
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 4x nop then movd mm0, dword ptr [edx]13_2_008E9970
Source: Joe Sandbox ViewIP Address: 104.21.83.102 104.21.83.102
Source: Joe Sandbox ViewIP Address: 172.67.152.108 172.67.152.108
Source: Joe Sandbox ViewIP Address: 37.228.108.133 37.228.108.133
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_6C541475 ReadFile,InternetWriteFile,InternetReadFile,WriteFile,3_2_6C541475
Source: set_0.exe, 00000005.00000002.3149733003.0000000000FE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: setup.exe, setup.exe, 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp, setup.exe, 00000003.00000000.2133946734.0000000000409000.00000008.00000001.01000000.00000007.sdmp, is-U8A6E.tmp.1.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: setup.exe, 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp, setup.exe, 00000003.00000000.2133946734.0000000000409000.00000008.00000001.01000000.00000007.sdmp, is-U8A6E.tmp.1.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
Source: set_0.exe, 00000005.00000002.3143372418.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2253993085.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000C14000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.3112816011.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2907524478.000002DDEB694000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2903345215.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmp, explorer.exe, 00000012.00000002.3280950871.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2923951746.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2923951746.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3280950871.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, notification_helper.exe.8.drString found in binary or memory: http://ocsp.digicert.com0
Source: setup.exe, 00000003.00000003.2247533990.000000000085A000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3143372418.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523565591.0000000029F4C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2253993085.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3150230282.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000C14000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.3112816011.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2907524478.000002DDEB694000.00000004.00000020.00020000.00000000.sdmp, 
installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: setup.exe, 00000003.00000003.2247533990.000000000085A000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3143372418.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2704275037.0000000029F64000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3142774435.0000000029E0C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523565591.0000000029F4C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2253993085.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3150230282.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000C14000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546116420.00000000005A0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.3112816011.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 
0000000E.00000003.2907524478.000002DDEB694000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2903345215.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: set_0.exe, 00000005.00000002.3151436541.00000000047D6000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546116420.00000000005A0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
Source: set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001073000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546116420.00000000005A0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: set_0.exe, 00000005.00000003.2704275037.0000000029F64000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001073000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3142774435.0000000029E0C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3150230282.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546116420.00000000005A0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: setup.exe, 00000003.00000003.2247533990.000000000085A000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3143372418.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523565591.0000000029F4C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2253993085.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3150230282.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000C14000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.3112816011.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2907524478.000002DDEB694000.00000004.00000020.00020000.00000000.sdmp, 
installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000012.00000000.2923951746.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3280950871.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comx;
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=1&a=2353&on=420&o=1662
Source: setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=1&a=2353&on=420&o=16624V
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.3196467979.00000000059DB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.3196215831.000000000085A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=2&a=2353&on=286&o=1627
Source: setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=2&a=2353&on=286&o=1627DH
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3249036583.000000000210F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=1679
Source: setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=16794W
Source: setup.exe, 00000003.00000002.3254369073.00000000059F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=1679A
Source: setup.exe, 00000003.00000002.3254369073.00000000059C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=1679He
Source: setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=1679dH
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=1679p
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=4&a=2353&on=452&o=1684
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=5&a=2353&on=419&o=1661
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/dol.php?spot=6&a=2353&on=416&o=1658
Source: setup.exe, 00000003.00000002.3243273604.00000000007ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/en-GB
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1627&a=2353&dn=286&spot=2&t
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1658&a=2353&dn=416&spot=6&t
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1661&a=2353&dn=419&spot=5&t
Source: setup.exe, 00000003.00000002.3243273604.00000000007ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1662&a=2353&dn=420&spot=1&t
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1679&a=2353&dn=445&spot=3&t
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1684&a=2353&dn=452&spot=4&t
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059F1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3243273604.000000000084B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1627&a=2353&dn=286&spot=2&
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1658&a=2353&dn=416&spot=6&
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1661&a=2353&dn=419&spot=5&
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1662&a=2353&dn=420&spot=1&
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1679&a=2353&dn=445&spot=3&
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1684&a=2353&dn=452&spot=4&
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1627&a=2353&dn=286&spo
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1658&a=2353&dn=416&spo
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1661&a=2353&dn=419&spo
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1662&a=2353&dn=420&spo
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1679&a=2353&dn=445&spo
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1684&a=2353&dn=452&spo
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1627&a=2353&dn=286&spot=2&t=17
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1658&a=2353&dn=416&spot=6&t=17
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1661&a=2353&dn=419&spot=5&t=17
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1662&a=2353&dn=420&spot=1&t=17
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1679&a=2353&dn=445&spot=3&t=17
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1684&a=2353&dn=452&spot=4&t=17
Source: setup.exe, 00000003.00000002.3254369073.00000000059DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3243273604.000000000084B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/
Source: setup.exe, 00000003.00000002.3243273604.000000000084B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/t
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3243273604.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3243273604.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/track_inl2.php?tim=1711816681&poid=2353&p=1.25
Source: setup.exe, 00000003.00000002.3243273604.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/track_inl2.php?tim=1711816681&poid=2353&p=1.25Giz
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/track_inl2.php?tim=1711816681&poid=2353&p=1.25Inno
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/track_polos.php?tim=1711816681&rcc=US&c=2353&p=1.13
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://save.windowstone.website/track_polos.php?tim=1711816681&rcc=US&c=2353&p=1.13http://rabbitssee
Source: explorer.exe, 00000012.00000002.3276954492.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3276340925.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3268076873.0000000007DC0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: Inter-ExtraBold.ttf.8.drString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLInterExtraBoldInterExtraBoldOpen
Source: Inter-LightItalic.ttf.8.drString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLInterLight
Source: set_0.exe, 00000005.00000002.3143372418.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2704275037.0000000029F64000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001073000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3142774435.0000000029E0C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2253993085.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3150230282.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000C14000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000009E4000.00000040.00000001.01000000.0000000C.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546116420.00000000005A0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.3112816011.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 
0000000E.00000003.2907524478.000002DDEB694000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2903345215.00007FF6C8C0E000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001073000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546116420.00000000005A0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2574547389.000000000108B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1H
Source: set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1b
Source: set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=65442&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2288347905.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2440339152.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2271008591.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/id
Source: set_0.exe, 00000005.00000003.2276443377.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/
Source: set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/ftp/pub/opera_gx/107.0.5045.79/win/Opera_GX_107.0.5045.79_Autoupdate_
Source: set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-1/1698947853-custom_partner_cont
Source: set_0.exe, 00000005.00000002.3149733003.0000000001073000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2574547389.000000000108B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/
Source: set_0.exe, 00000005.00000003.2567499841.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2574547389.000000000108B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/ft
Source: set_0.exe, 00000005.00000002.3149733003.0000000001047000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001084000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544708482.0000000001090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant_gx/73.0.3856.382/Opera_GX_assistant_73.0.3856.382_
Source: setup.exe, 00000003.00000002.3243273604.000000000084B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/
Source: setup.exe, 00000003.00000002.3254369073.00000000059F6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/890/AdblockInstaller.exe
Source: setup.exe, 00000003.00000002.3243273604.000000000084B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/licies
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: explorer.exe, 00000012.00000002.3289386190.0000000009BA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2923951746.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: installer.exe, 0000000E.00000003.2964535733.000002E000360000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://extension-updates.opera.com/api/omaha/update/
Source: set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2288371570.0000000001080000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2276443377.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2544529696.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2269740663.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2288347905.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2440339152.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2271008591.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2269740663.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/
Source: set_0.exe, 00000005.00000003.2269740663.000000000108B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/age=en-GB&uuid=a2eb09b3-da4f-4837-933b-139333cf4305&product=gx&chann
Source: installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=a2eb09b3-da4f-4837-93
Source: set_0.exe, 00000005.00000003.2440366716.0000000001081000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2288371570.0000000001080000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2276443377.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2269740663.000000000108B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/b
Source: set_0.exe, 00000005.00000003.2269740663.000000000108B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/p
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gaana.com/
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://gamemaker.io
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://gamemaker.io)
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://gamemaker.io/en/education.
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://gamemaker.io/en/get.
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://help.instagram.com/581066165581870;
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://help.opera.com/latest/
Source: winrar-x64-620b2.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://legal.opera.com/eula/computers
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://legal.opera.com/eula/computers/
Source: installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://legal.opera.com/privacy
Source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://legal.opera.com/privacy.
Source: setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://legal.opera.com/privacy/
Source: set_0.exe, 00000005.00000002.3143372418.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.000000000082A000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://legal.opera.com/terms
Source: installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://legal.opera.com/terms.
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://listen.tidal.com/
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://listen.tidal.com/login
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.tidal.com
Source: winrar-x64-620b2.tmp, 00000001.00000003.2113559302.00000000009E9000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3240288278.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113995556.00000000009FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/
Source: winrar-x64-620b2.tmp, 00000001.00000002.3240288278.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113559302.00000000009B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/R
Source: winrar-x64-620b2.tmp, 00000001.00000003.2113559302.00000000009E9000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113995556.00000000009FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/f
Source: winrar-x64-620b2.tmp, 00000001.00000002.3240288278.0000000000966000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3251084046.00000000023DA000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113559302.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3240288278.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2919538038.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3244712183.0000000001731000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000013.00000000.2934580980.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000013.00000002.3247791961.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000014.00000000.2937176804.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000014.00000002.3247589029.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000015.00000002.3248532673.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000015.00000000.2939536728.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000016.00000000.2940965142.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000016.00000002.3246722873.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000017.00000002.3248535647.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000017.00000000.2942525299.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000018.00000002.3246581600.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000018.00000000.2943582081.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 
00000019.00000002.3247558081.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000019.00000000.2944515590.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 0000001A.00000000.2945630814.0000000000FD1000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/pe/build.php?pe=1&sub=&source=2268&s1=46134022&title=UmVhbCBGaWxlcw%3D%3D&ti=
Source: winrar-x64-620b2.tmp, 00000001.00000002.3251084046.0000000002414000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113868914.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3240288278.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3251084046.0000000002492000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113559302.0000000000993000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/pe/output/setup_2485076.exe
Source: winrar-x64-620b2.tmp, 00000001.00000003.2113559302.00000000009E9000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113868914.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3240288278.00000000009EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/pe/output/setup_2485076.exeN
Source: winrar-x64-620b2.tmp, 00000001.00000002.3240288278.0000000000997000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113559302.0000000000993000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maskreason.xyz/pe/output/setup_2485076.exeX
Source: video_conference_popout.json.8.drString found in binary or memory: https://meet.google.com/
Source: video_conference_popout.json.8.drString found in binary or memory: https://meet.google.com/.
Source: video_conference_popout.json.8.drString found in binary or memory: https://meet.google.com/about.
Source: video_conference_popout.json.8.drString found in binary or memory: https://meet.jit.si/
Source: video_conference_popout.json.8.drString found in binary or memory: https://meet.jit.si/.
Source: video_conference_popout.json.8.drString found in binary or memory: https://meet.jit.si/static.
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/at/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/au/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/be/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/bg/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/br/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/by/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ca/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ch/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/cn/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/cz/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/de/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/dk/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/eg/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/es/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/fi/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/fr/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/gb/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/hu/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/id/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/in/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/it/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/jp/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ke/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/kr/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/kz/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ma/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/mx/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/my/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ng/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/nl/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/no/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ph/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/pl/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ro/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/rs/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ru/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/se/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/sg/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/sk/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/th/browse
Source: installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/tr/browse

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 11_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Windows user hook set: Path: unknown Event Start: focus Event End: focus Module: NULL
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Code function: 3_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

System Summary

Source: idman641build3.exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Code function: 12_2_00862770: CreateFileW,DeviceIoControl,GetLastError
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Code function: 12_2_008A4EE0 SetHandleInformation,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,GetEnvironmentStringsW,FreeEnvironmentStringsW,CreateProcessW,AssignProcessToJobObject,AllowSetForegroundWindow,WaitForSingleObject
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Code function: 3_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_009335F412_2_009335F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0088D7D012_2_0088D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008AF8B012_2_008AF8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0090D98E12_2_0090D98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00983A9D12_2_00983A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0084DA7812_2_0084DA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0097FBCF12_2_0097FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008AFB0012_2_008AFB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_009A1B4112_2_009A1B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0085BC7012_2_0085BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008D3DE012_2_008D3DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008A5D1012_2_008A5D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008AFD1012_2_008AFD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008DFE3012_2_008DFE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0097BFB012_2_0097BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0084FFC012_2_0084FFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0085DF4012_2_0085DF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090206C13_2_0090206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00936D0E13_2_00936D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0084A17013_2_0084A170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0085029013_2_00850290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008B22C013_2_008B22C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E825713_2_008E8257
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008B639013_2_008B6390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0087848013_2_00878480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0089441013_2_00894410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0098243A13_2_0098243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008AC46013_2_008AC460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0091E6D013_2_0091E6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008507C013_2_008507C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090C71813_2_0090C718
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0089473013_2_00894730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0086074613_2_00860746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0099C89C13_2_0099C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008948E013_2_008948E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008F886013_2_008F8860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0098086413_2_00980864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008CA9F013_2_008CA9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0099C95413_2_0099C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E694013_2_008E6940
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00898AC013_2_00898AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00982ACB13_2_00982ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EAA5013_2_008EAA50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008B2B1013_2_008B2B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E6CB013_2_008E6CB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00856C7613_2_00856C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008BEDD013_2_008BEDD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E6DE013_2_008E6DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EAE8013_2_008EAE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_009A4EB613_2_009A4EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00898EC013_2_00898EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00890EE013_2_00890EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090AE1813_2_0090AE18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E6F9013_2_008E6F90
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008D6F5013_2_008D6F50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090D01413_2_0090D014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E505513_2_008E5055
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008BB18D13_2_008BB18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0086918013_2_00869180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0098118913_2_00981189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_009011A613_2_009011A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008BF1B413_2_008BF1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0098313013_2_00983130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008F728013_2_008F7280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008D13D413_2_008D13D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E733013_2_008E7330
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0089737013_2_00897370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090949413_2_00909494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008594D213_2_008594D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008A54D013_2_008A54D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008C94F013_2_008C94F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090B43613_2_0090B436
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_009335F413_2_009335F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0084F50413_2_0084F504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008C752013_2_008C7520
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EB54D13_2_008EB54D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E554013_2_008E5540
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EB66D13_2_008EB66D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008BF78213_2_008BF782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0088D7D013_2_0088D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008AD72F13_2_008AD72F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EB74913_2_008EB749
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008AF8B013_2_008AF8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E78C013_2_008E78C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090D98E13_2_0090D98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090B93413_2_0090B934
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00983A9D13_2_00983A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EBAD513_2_008EBAD5
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EDA7D13_2_008EDA7D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0084DA7813_2_0084DA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0097FBCF13_2_0097FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008AFB0013_2_008AFB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008F7B4013_2_008F7B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_009A1B4113_2_009A1B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008EBCDD13_2_008EBCDD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0085BC7013_2_0085BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008D5DD013_2_008D5DD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008D3DE013_2_008D3DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00925D0013_2_00925D00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008A5D1013_2_008A5D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008AFD1013_2_008AFD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E9E8013_2_008E9E80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008E7EB013_2_008E7EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008DFE3013_2_008DFE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0097BFB013_2_0097BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008D5FB013_2_008D5FB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0084FFC013_2_0084FFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008B7F3A13_2_008B7F3A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0085DF4013_2_0085DF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, Code function: String function: 004026DC appears 38 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 0088C9E0 appears 81 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00843696 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00997CF8 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00888B80 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00880C44 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 0088BEC0 appears 276 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00880AA2 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00881BBC appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 0088BE50 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 0097A840 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 009942D0 appears 116 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 0088B9C0 appears 154 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe, Code function: String function: 00841741 appears 411 times
Source: winrar-x64-620b2.tmp.0.dr, Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-LASMM.tmp.1.dr, Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.8.dr, Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer.exe.8.dr, Static PE information: Number of sections : 11 > 10
Source: opera_elf.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: mojo_core.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: opera_crashreporter.exe.8.dr, Static PE information: Number of sections : 13 > 10
Source: vulkan-1.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: Opera_installer_2403301639264782764.dll.15.dr, Static PE information: Number of sections : 15 > 10
Source: launcher.exe.14.dr, Static PE information: Number of sections : 13 > 10
Source: opera_gx_splash.exe.8.dr, Static PE information: Number of sections : 11 > 10
Source: launcher.exe.8.dr, Static PE information: Number of sections : 13 > 10
Source: opera_autoupdate.exe.8.dr, Static PE information: Number of sections : 14 > 10
Source: libEGL.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: opera.exe.8.dr, Static PE information: Number of sections : 11 > 10
Source: win10_share_handler.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: notification_helper.exe.8.dr, Static PE information: Number of sections : 12 > 10
Source: opera_browser.dll.8.dr, Static PE information: Number of sections : 15 > 10
Source: installer_helper_64.exe.8.dr, Static PE information: Number of sections : 11 > 10
Source: Opera_installer_2403301639261945676.dll.14.dr, Static PE information: Number of sections : 15 > 10
Source: dxcompiler.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.8.dr, Static PE information: Number of sections : 11 > 10
Source: opera.exe.14.dr, Static PE information: Number of sections : 11 > 10
Source: winrar-x64-620b2.exe, 00000000.00000002.3237398481.0000000002218000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamekernel32j% vs winrar-x64-620b2.exe
Source: winrar-x64-620b2.exe, 00000000.00000000.1963197649.00000000004C6000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFileName vs winrar-x64-620b2.exe
Source: winrar-x64-620b2.exe, 00000000.00000003.1964702171.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFileName vs winrar-x64-620b2.exe
Source: winrar-x64-620b2.exe, 00000000.00000003.1965021231.000000007FB70000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFileName vs winrar-x64-620b2.exe
Source: winrar-x64-620b2.exe, Binary or memory string: OriginalFileName vs winrar-x64-620b2.exe
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
Section loaded: shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, textshaping.dll, dwmapi.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, mswsock.dll, winnsi.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, explorerframe.dll, schannel.dll, mskeyprotect.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, sfc.dll, sfc_os.dll, apphelp.dll, uiautomationcore.dll, propsys.dll, oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, wininet.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, msimg32.dll, secur32.dll, dbghelp.dll, wininet.dll, propsys.dll, winhttp.dll, dbgcore.dll, msasn1.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, ntmarta.dll, profapi.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, cryptnet.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, msimg32.dll, secur32.dll, dbghelp.dll, wininet.dll, propsys.dll, winhttp.dll, dbgcore.dll, msasn1.dll, kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, msimg32.dll, secur32.dll, dbghelp.dll, wininet.dll, propsys.dll, winhttp.dll, dbgcore.dll, msasn1.dll, kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, msimg32.dll, secur32.dll, dbghelp.dll, wininet.dll, propsys.dll, winhttp.dll, dbgcore.dll, msasn1.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, msimg32.dll, secur32.dll, dbghelp.dll, wininet.dll, propsys.dll, winhttp.dll, dbgcore.dll, msasn1.dll, kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: netutils.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe Section loaded: oleacc.dll
Source: winrar-x64-620b2.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: mal40.spyw.evad.winEXE@28/269@0/15
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 11_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,11_2_00408DD2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Code function: 12_2_0086051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,12_2_0086051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Code function: 13_2_0086051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,13_2_0086051B
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Code function: 3_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,3_2_00404356
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Code function: 3_2_00402020 CoCreateInstance,MultiByteToWideChar,3_2_00402020
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 11_2_00401DF5 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,11_2_00401DF5
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp File created: C:\Program Files (x86)\Real Files
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\Desktop\winrar-x64-620b2.exe File created: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp
Source: C:\Users\user\Desktop\winrar-x64-620b2.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\winrar-x64-620b2.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: winrar-x64-620b2.exe ReversingLabs: Detection: 86%
Source: winrar-x64-620b2.exe Virustotal: Detection: 73%
Source: set_0.exe String found in binary or memory: opera-startpage-special
Source: set_0.exe String found in binary or memory: run-at-startup-default
Source: set_0.exe String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: set_0.exe String found in binary or memory: run-at-startup
Source: set_0.exe String found in binary or memory: video-on-start-page
Source: set_0.exe String found in binary or memory: yat-emoji-addresses
Source: set_0.exe String found in binary or memory: installer-bypass-launcher
Source: set_0.exe String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: set_0.exe String found in binary or memory: enable-installer-stats
Source: set_0.exe String found in binary or memory: master-copy-installation
Source: set_0.exe String found in binary or memory: launchopera-on-os-start
Source: set_0.exe String found in binary or memory: show-eula-window-on-start
Source: set_0.exe String found in binary or memory: Local\%ls/Installer/UI_lock
Source: set_0.exe String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: set_0.exe String found in binary or memory: test-pre-installed-extensions-dir
Source: set_0.exe String found in binary or memory: override-additional-config-url
Source: set_0.exe String found in binary or memory: post-elevated-install-tasks
Source: set_0.exe String found in binary or memory: Try '%ls --help' for more information.
Source: set_0.exe String found in binary or memory: all-installer-experiments
Source: set_0.exe String found in binary or memory: Global\Opera/Installer/
Source: set_0.exe String found in binary or memory: ran-launcher
Source: set_0.exeString found in binary or memory: opera-startpage-special
Source: set_0.exeString found in binary or memory: run-at-startup-default
Source: set_0.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: set_0.exeString found in binary or memory: run-at-startup
Source: set_0.exeString found in binary or memory: video-on-start-page
Source: set_0.exeString found in binary or memory: yat-emoji-addresses
Source: set_0.exeString found in binary or memory: installer-bypass-launcher
Source: set_0.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: set_0.exeString found in binary or memory: enable-installer-stats
Source: set_0.exeString found in binary or memory: master-copy-installation
Source: set_0.exeString found in binary or memory: launchopera-on-os-start
Source: set_0.exeString found in binary or memory: show-eula-window-on-start
Source: set_0.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: set_0.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: set_0.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: set_0.exeString found in binary or memory: override-additional-config-url
Source: set_0.exeString found in binary or memory: post-elevated-install-tasks
Source: set_0.exeString found in binary or memory: Try '%ls --help' for more information.
Source: set_0.exeString found in binary or memory: Try '%ls --help' for more information.
Source: set_0.exeString found in binary or memory: all-installer-experiments
Source: set_0.exeString found in binary or memory: Global\Opera/Installer/
Source: set_0.exeString found in binary or memory: ran-launcher
Source: set_0.exeString found in binary or memory: opera-startpage-special
Source: set_0.exeString found in binary or memory: run-at-startup-default
Source: set_0.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: set_0.exeString found in binary or memory: run-at-startup
Source: set_0.exeString found in binary or memory: video-on-start-page
Source: set_0.exeString found in binary or memory: yat-emoji-addresses
Source: set_0.exeString found in binary or memory: installer-bypass-launcher
Source: set_0.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: set_0.exeString found in binary or memory: enable-installer-stats
Source: set_0.exeString found in binary or memory: master-copy-installation
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: winrar-x64-620b2.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\winrar-x64-620b2.exe File read: C:\Users\user\Desktop\winrar-x64-620b2.exe
Source: unknown Process created: C:\Users\user\Desktop\winrar-x64-620b2.exe "C:\Users\user\Desktop\winrar-x64-620b2.exe"
Source: C:\Users\user\Desktop\winrar-x64-620b2.exe Process created: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp "C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp" /SL5="$20456,7896458,780800,C:\Users\user\Desktop\winrar-x64-620b2.exe"
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Process created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c3a623c,0x6c3a6248,0x6c3a6254
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe" --version
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6968 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240330173821" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0406000000000000
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6b74623c,0x6b746248,0x6b746254
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x9f4f48,0x9f4f58,0x9f4f64
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=6968 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c4,0x2c8,0x2cc,0x29c,0x2d0,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Opera GX Browser .lnk.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk0.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk1.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk2.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Automated click: Next >
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe Window detected: &Next > Cancel Real Files Real Files License Agreement Please review the license terms before installing Real Files. Press Page Down to see the rest of the agreement.
Welcome this is an important message and license agreement so please read all below carefully. Real Files is financed by advertisement. By clicking Accept you will continue with the installation of Real Files and the offers listed below.
Get an unparalleled gaming and browsing experience on mobile and desktop with OperaGX. Set limits on CPU RAM and Network usage use Discord & Twitch from the sidebar and connect mobile and desktop browsers with the file-sharing Flow feature. By clicking "Accept" I agree to the EULA <https://legal.opera.com/eula/computers/> Privacy Policy <https://legal.opera.com/privacy/> and consent to install.
Browser is fast and secure web browser which does not collect your usage data. By clicking "Accept" I agree to the EULA <https://www.inlogbrowser.com/eula.txt> Privacy Policy <https://www.inlogbrowser.com/pp.txt> and consent to install Inlog Browser. This program can be removed at anytime in Windows Add/Remove Programs.
AdBlock Fast gives you the ability to block ads in exchange for a small amount of your unused processing power storage and bandwidth managed by Massive. You can monitor and control this resource use anytime by choosing Resource usage from the app menu. Your idle computing resources such as CPU GPU and Network bandwidth are used to perform business intelligence research run scientific simulations and perform other distributed tasks which may increase electricity consumption or decrease battery life (see Massive's FAQ <https://www.joinmassive.com/faq> for details potential risks and their mitigation).
Pressing "I agree" indicates that you agree to Massive's license <https://adblockfast.com/license/> and Privacy Policy <https://www.iubenda.com/privacy-policy/216992>.
for Youtube - Say Goodbye to annoying ads in videos and websites with our free Adblocker. YouTube Adblocker is a cutting-edge adblocking solution designed to provide users with uninterrupted and seamless viewing experiences on the popular video-sharing platform YouTube. By clicking "Accept" I agree to the EULA <https://clearplaytube.com/eula> and consent to install.
proxy service to protect your privacy. Accept the EULA <https://www.termsfeed.com/live/4bb495ca-d123-4f4d-a727-e9c4d0f3fabe> by pressing "Agree". By proceeding with the installation you agree to the EULA <https://digitalpulsedata.com/tos> grant Digital Pulse permission to occasionally utilize the available resources of your device and IP address to retrieve public web data from the Internet. Digital Pulse highly regards your trust and prioritizes safeguarding your privacy and personal data. To ensure your safety Digital Pulse comprehends the security implications involved in sharing your IP address and diligently monitors all network traffic. Your IP address will solely be used for authorized business purposes and never
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79
Source: winrar-x64-620b2.exe Static file information: File size 8703255 > 1048576
Source: winrar-x64-620b2.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000000.2547130076.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2548205524.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2549972447.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\notification_helper.exe.pdb source: notification_helper.exe.8.dr
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000E.00000000.2900377829.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000002.3112670826.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3122600895.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000000.2903274000.00007FF6C8731000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: .exe.pdbp source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: _lib.dll.pdb`, source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zRLeaVuwHZUsAJ.exe, 00000013.00000002.3246424123.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000014.00000000.2937113143.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000015.00000000.2939422423.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000016.00000000.2940803812.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000017.00000002.3247158200.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000018.00000002.3243388979.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000019.00000000.2944437156.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001A.00000002.3242711532.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001B.00000000.2946551337.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001C.00000000.2947484119.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001D.00000000.2948022686.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001E.00000002.3232254734.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 0000001F.00000002.3237271292.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000020.00000002.3242821660.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000021.00000002.3243418700.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000022.00000000.2954401522.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000023.00000002.3243339222.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 
00000024.00000002.3244029994.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000025.00000000.2959860580.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000026.00000000.2965274536.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp, zRLeaVuwHZUsAJ.exe, 00000027.00000000.2966841955.0000000000E1E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2546248972.0000000003DB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: _lib.dll.pdb source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: set_0.exe, 00000005.00000002.3143372418.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.00000000007D1000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.00000000005A1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: .exe.pdb source: set_0.exe, 00000005.00000000.2249087421.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.2251790811.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000000.2254899737.0000000000A27000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000000.2258423922.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000000.2262126259.00000000007F7000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.00000000037DD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000000.2547130076.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2548205524.00000000009D5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2549972447.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp
Source: dxil.dll.8.drStatic PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,3_2_00405E88
Source: OperaGXSetup[1].exe.3.drStatic PE information: real checksum: 0x37a444 should be: 0x36bcbe
Source: inetc.dll.3.drStatic PE information: real checksum: 0x0 should be: 0x1255d
Source: winrar-x64-620b2.exeStatic PE information: real checksum: 0x0 should be: 0x85c1cb
Source: set_0.exe.5.drStatic PE information: real checksum: 0x37a444 should be: 0x36bcbe
Source: is-LASMM.tmp.1.drStatic PE information: real checksum: 0x0 should be: 0x2e6f5f
Source: winrar-x64-620b2.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x2e078a
Source: set_0.exe.3.drStatic PE information: real checksum: 0x37a444 should be: 0x36bcbe
Source: winrar-x64-620b2.exeStatic PE information: section name: .didata
Source: winrar-x64-620b2.tmp.0.drStatic PE information: section name: .didata
Source: is-LASMM.tmp.1.drStatic PE information: section name: .didata
Source: Icrepplo_98220[1].exe.3.drStatic PE information: section name: .didata
Source: set_1.exe.3.drStatic PE information: section name: .didata
Source: Opera_installer_2403301638210966968.dll.5.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301638210966968.dll.5.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301638210966968.dll.5.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301638210966968.dll.5.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403301638213415396.dll.6.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301638213415396.dll.6.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301638213415396.dll.6.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301638213415396.dll.6.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403301638216716504.dll.7.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301638216716504.dll.7.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301638216716504.dll.7.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301638216716504.dll.7.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403301638220563568.dll.8.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301638220563568.dll.8.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301638220563568.dll.8.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301638220563568.dll.8.drStatic PE information: section name: malloc_h
Source: mojo_core.dll.8.drStatic PE information: section name: .00cfg
Source: mojo_core.dll.8.drStatic PE information: section name: .gxfg
Source: mojo_core.dll.8.drStatic PE information: section name: .retplne
Source: mojo_core.dll.8.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.8.drStatic PE information: section name: .00cfg
Source: notification_helper.exe.8.drStatic PE information: section name: .gxfg
Source: notification_helper.exe.8.drStatic PE information: section name: .retplne
Source: notification_helper.exe.8.drStatic PE information: section name: CPADinfo
Source: notification_helper.exe.8.drStatic PE information: section name: _RDATA
Source: opera.exe.8.drStatic PE information: section name: .00cfg
Source: opera.exe.8.drStatic PE information: section name: .gxfg
Source: opera.exe.8.drStatic PE information: section name: .retplne
Source: opera.exe.8.drStatic PE information: section name: _RDATA
Source: opera_autoupdate.exe.8.drStatic PE information: section name: .00cfg
Source: opera_autoupdate.exe.8.drStatic PE information: section name: .gxfg
Source: opera_autoupdate.exe.8.drStatic PE information: section name: .retplne
Source: opera_autoupdate.exe.8.drStatic PE information: section name: CPADinfo
Source: opera_autoupdate.exe.8.drStatic PE information: section name: LZMADEC
Source: opera_autoupdate.exe.8.drStatic PE information: section name: _RDATA
Source: opera_autoupdate.exe.8.drStatic PE information: section name: malloc_h
Source: opera_browser.dll.8.drStatic PE information: section name: .00cfg
Source: opera_browser.dll.8.drStatic PE information: section name: .gxfg
Source: opera_browser.dll.8.drStatic PE information: section name: .retplne
Source: opera_browser.dll.8.drStatic PE information: section name: .rodata
Source: opera_browser.dll.8.drStatic PE information: section name: CPADinfo
Source: opera_browser.dll.8.drStatic PE information: section name: LZMADEC
Source: opera_browser.dll.8.drStatic PE information: section name: _RDATA
Source: opera_browser.dll.8.drStatic PE information: section name: malloc_h
Source: opera_crashreporter.exe.8.drStatic PE information: section name: .00cfg
Source: opera_crashreporter.exe.8.drStatic PE information: section name: .gxfg
Source: opera_crashreporter.exe.8.drStatic PE information: section name: .retplne
Source: opera_crashreporter.exe.8.drStatic PE information: section name: CPADinfo
Source: opera_crashreporter.exe.8.drStatic PE information: section name: _RDATA
Source: opera_crashreporter.exe.8.drStatic PE information: section name: malloc_h
Source: opera_elf.dll.8.drStatic PE information: section name: .00cfg
Source: opera_elf.dll.8.drStatic PE information: section name: .gxfg
Source: opera_elf.dll.8.drStatic PE information: section name: .retplne
Source: opera_elf.dll.8.drStatic PE information: section name: _RDATA
Source: opera_gx_splash.exe.8.drStatic PE information: section name: .00cfg
Source: opera_gx_splash.exe.8.drStatic PE information: section name: .gxfg
Source: opera_gx_splash.exe.8.drStatic PE information: section name: .retplne
Source: opera_gx_splash.exe.8.drStatic PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.8.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.8.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.8.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll.8.drStatic PE information: section name: .retplne
Source: dxcompiler.dll.8.drStatic PE information: section name: _RDATA
Source: dxil.dll.8.drStatic PE information: section name: _RDATA
Source: installer.exe.8.drStatic PE information: section name: .00cfg
Source: installer.exe.8.drStatic PE information: section name: .gxfg
Source: installer.exe.8.drStatic PE information: section name: .retplne
Source: installer.exe.8.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.8.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.8.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.8.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.8.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.8.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.8.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.8.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.8.drStatic PE information: section name: _RDATA
Source: win10_share_handler.dll.8.drStatic PE information: section name: .00cfg
Source: win10_share_handler.dll.8.drStatic PE information: section name: .gxfg
Source: win10_share_handler.dll.8.drStatic PE information: section name: .retplne
Source: win10_share_handler.dll.8.drStatic PE information: section name: _RDATA
Source: win8_importing.dll.8.drStatic PE information: section name: .00cfg
Source: win8_importing.dll.8.drStatic PE information: section name: .gxfg
Source: win8_importing.dll.8.drStatic PE information: section name: .retplne
Source: win8_importing.dll.8.drStatic PE information: section name: _RDATA
Source: installer_helper_64.exe.8.drStatic PE information: section name: .00cfg
Source: installer_helper_64.exe.8.drStatic PE information: section name: .gxfg
Source: installer_helper_64.exe.8.drStatic PE information: section name: .retplne
Source: installer_helper_64.exe.8.drStatic PE information: section name: _RDATA
Source: launcher.exe.8.drStatic PE information: section name: .00cfg
Source: launcher.exe.8.drStatic PE information: section name: .gxfg
Source: launcher.exe.8.drStatic PE information: section name: .retplne
Source: launcher.exe.8.drStatic PE information: section name: LZMADEC
Source: launcher.exe.8.drStatic PE information: section name: _RDATA
Source: launcher.exe.8.drStatic PE information: section name: malloc_h
Source: libEGL.dll.8.drStatic PE information: section name: .00cfg
Source: libEGL.dll.8.drStatic PE information: section name: .gxfg
Source: libEGL.dll.8.drStatic PE information: section name: .retplne
Source: libEGL.dll.8.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.8.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.8.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.8.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.8.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403301638223875280.dll.9.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301638223875280.dll.9.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301638223875280.dll.9.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301638223875280.dll.9.drStatic PE information: section name: malloc_h
Source: assistant_installer.exe.11.drStatic PE information: section name: .00cfg
Source: assistant_installer.exe.11.drStatic PE information: section name: .voltbl
Source: assistant_installer.exe.11.drStatic PE information: section name: CPADinfo
Source: browser_assistant.exe.11.drStatic PE information: section name: .00cfg
Source: browser_assistant.exe.11.drStatic PE information: section name: .rodata
Source: browser_assistant.exe.11.drStatic PE information: section name: .voltbl
Source: browser_assistant.exe.11.drStatic PE information: section name: CPADinfo
Source: mojo_core.dll.11.drStatic PE information: section name: .00cfg
Source: mojo_core.dll.11.drStatic PE information: section name: .voltbl
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: .gxfg
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: .retplne
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: LZMADEC
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403301639261945676.dll.14.drStatic PE information: section name: malloc_h
Source: opera.exe.14.drStatic PE information: section name: .00cfg
Source: opera.exe.14.drStatic PE information: section name: .gxfg
Source: opera.exe.14.drStatic PE information: section name: .retplne
Source: opera.exe.14.drStatic PE information: section name: _RDATA
Source: launcher.exe.14.drStatic PE information: section name: .00cfg
Source: launcher.exe.14.drStatic PE information: section name: .gxfg
Source: launcher.exe.14.drStatic PE information: section name: .retplne
Source: launcher.exe.14.drStatic PE information: section name: LZMADEC
Source: launcher.exe.14.drStatic PE information: section name: _RDATA
Source: launcher.exe.14.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: .gxfg
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: .retplne
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: .rodata
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: LZMADEC
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403301639264782764.dll.15.drStatic PE information: section name: malloc_h
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00412C00 push eax; ret 11_2_00412C2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0097B10C push ecx; ret 12_2_0097B11F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008ECE90 push 89084589h; iretd 13_2_008ECE95
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0097B10C push ecx; ret 13_2_0097B11F
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638220563568.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638213415396.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638223875280.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\additional_file0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638210966968.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpFile created: C:\Program Files (x86)\Real Files\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301639261945676.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\opera_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711816766.old (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638216716504.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exeJump to dropped file
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeFile created: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\browser_assistant.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\OperaGXSetup[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Opera_GX_assistant_73.0.3856.382_Setup[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile created: C:\idman641build3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Icrepplo_98220[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\is-U8A6E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpFile created: C:\Program Files (x86)\Real Files\is-LASMM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\is-41CVR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301639264782764.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_1.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240330173821471.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240330173822509.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeFile created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240330173850.log
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240330173926631.log
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve
Source: C:\Users\user\Desktop\winrar-x64-620b2.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008AA6D0 rdtsc 12_2_008AA6D0
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638220563568.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638213415396.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638223875280.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638210966968.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeDropped PE file which has not been started: C:\idman641build3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Icrepplo_98220[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpDropped PE file which has not been started: C:\Program Files (x86)\Real Files\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301639261945676.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\opera_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711816766.old (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301638216716504.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpDropped PE file which has not been started: C:\Program Files (x86)\Real Files\is-LASMM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\browser_assistant.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403301639264782764.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_1.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeEvaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_12-72427
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeAPI coverage: 6.4 %
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeAPI coverage: 4.2 %
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_00405E61 FindFirstFileA,FindClose,3_2_00405E61
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_0040263E FindFirstFileA,3_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,11_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,11_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008A9120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,12_2_008A9120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00939AE2 FindFirstFileExW,12_2_00939AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008A9120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,13_2_008A9120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00939AE2 FindFirstFileExW,13_2_00939AE2
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: setup.exe, 00000003.00000002.3243273604.0000000000861000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYmgozOOf%2B07k6UcmqsYDN%2F1eivtpV110QMI16PtTgtypIzfTtQAqyWo0MVqRpbpHwt1Sfn5BIqDEoSI%2FHpiIwyOZdiwLFBl26NVyEN8Bnu5P4GezvMCI97TjFW3P6dvR%2FA%3D"}],"group":"cf-nel","max_age":604800}
Source: explorer.exe, 00000012.00000002.3256594652.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: explorer.exe, 00000012.00000000.2923951746.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3280950871.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
Source: explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.2923951746.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: explorer.exe, 00000012.00000003.3145205246.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
Source: explorer.exe, 00000012.00000000.2918772561.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: explorer.exe, 00000012.00000003.3145205246.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000012.00000002.3256594652.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: winrar-x64-620b2.tmp, 00000001.00000002.3240288278.000000000097E000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.2113559302.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3240288278.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3243273604.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3243273604.000000000084B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001073000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000001047000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149733003.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2264234501.000000000107B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2923951746.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000012.00000003.3145205246.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: setup.exe, 00000003.00000002.3243273604.0000000000837000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
Source: explorer.exe, 00000012.00000003.3145205246.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
Source: explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: explorer.exe, 00000012.00000000.2918772561.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000012.00000000.2923951746.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000002.3256594652.000000000769A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeAPI call chain: ExitProcess graph end nodegraph_3-4706
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeAPI call chain: ExitProcess graph end nodegraph_3-4702
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008AA6D0 rdtsc 12_2_008AA6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008A6AE0 GetCurrentThread,IsDebuggerPresent,GetCurrentThreadId,__Init_thread_header,GetModuleHandleW,GetProcAddress,__Init_thread_footer,12_2_008A6AE0
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,3_2_00405E88
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_009997FB mov eax, dword ptr fs:[00000030h]12_2_009997FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00987C65 mov eax, dword ptr fs:[00000030h]12_2_00987C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_009997FB mov eax, dword ptr fs:[00000030h]13_2_009997FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00987C65 mov eax, dword ptr fs:[00000030h]13_2_00987C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008BAD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,12_2_008BAD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0090206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen,12_2_0090206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008BC3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,12_2_008BC3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0097A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_0097A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008BACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,12_2_008BACEE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00851C00 SetUnhandledExceptionFilter,12_2_00851C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0098BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0098BE76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0090206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,_strlen,13_2_0090206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008BC3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,13_2_008BC3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0097A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_0097A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_008BAD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,13_2_008BAD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_00851C00 SetUnhandledExceptionFilter,13_2_00851C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 13_2_0098BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_0098BE76

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtQueryAttributesFile: Direct from: 0x76EF2E6C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtUnmapViewOfSection: Direct from: 0x76EF2D3C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtCreateMutant: Direct from: 0x76EF35CC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtMapViewOfSection: Direct from: 0x76EF2D1C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtOpenSection: Direct from: 0x76EF2E0C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtDeviceIoControlFile: Direct from: 0x76EF2AEC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtAddAtomEx: Direct from: 0x76EF312C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtQueryValueKey: Direct from: 0x76EF2BEC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtSetInformationThread: Direct from: 0x76EF2ECC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtCreateFile: Direct from: 0x76EF2FEC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtOpenFile: Direct from: 0x76EF2DCC
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtQueryInformationProcess: Direct from: 0x76EF2C26
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtOpenKeyEx: Direct from: 0x76EF3C9C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtOpenKeyEx: Direct from: 0x76EF2B9C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtClose: Direct from: 0x76EF2B6C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtSetInformationProcess: Direct from: 0x76EF2C5C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtReadVirtualMemory: Direct from: 0x76EF2E8C
Source: C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9C
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c3a623c,0x6c3a6248,0x6c3a6254
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6968 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240330173821" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0406000000000000
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6b74623c,0x6b746248,0x6b746254
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x9f4f48,0x9f4f58,0x9f4f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c4,0x2c8,0x2cc,0x29c,0x2d0,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe c:\users\user\appdata\local\temp\nswe17e.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c3a623c,0x6c3a6248,0x6c3a6254
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe "c:\users\user\appdata\local\temp\nswe17e.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6968 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240330173821" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0406000000000000
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe c:\users\user\appdata\local\temp\nswe17e.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6b74623c,0x6b746248,0x6b746254
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403301738211\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x9f4f48,0x9f4f58,0x9f4f64
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --backend --initial-pid=6968 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403301738211" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=mzqwyjfly2q3yzuwmzljowrhmzc4zwy2ndvlztkxnge5mzy0odhimmm5ymfimde5ztk1n2jhotu2ntjhm2rinzp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmsisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0xp3v0bv9zb3vyy2u9ufdoz2ftzxmmdxrtx21lzgl1bt1wysz1dg1fy2ftcgfpz249ufdox1vtx1bcm19erf8znjyxjnv0bv9pzd1hotuzmmnlzwriytc0nzjhodlhnznhzgi3mdi3zgi4nsz1dg1fy29udgvudd0znjyxxzizntmilcjzexn0zw0ionsicgxhdgzvcm0ionsiyxjjaci6ing4nl82ncisim9wc3lzijoiv2luzg93cyisim9wc3lzlxzlcnnpb24ioiixmcisinbhy2thz2uioijfweuifx0sinrpbwvzdgftcci6ije3mte4mty2otkuotmyniisinvzzxjhz2vudci6iklubm9eb3dubg9hzfbsdwdpbi8xljuilcj1dg0ionsiy2ftcgfpz24ioijqv05fvvnfueizx0rexzm2njeilcjjb250zw50ijoimzy2mv8ymzuziiwiawqioijhotuzmmnlzwriytc0nzjhodlhnznhzgi3mdi3zgi4nsisim1lzgl1bsi6inbhiiwic291cmnlijoiufdoz2ftzxmifswidxvpzci6ijfinja5mdq5ltixn2qtndvkmy04odziltm3n2e2mty5ywjizcj9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2c4,0x2c8,0x2cc,0x29c,0x2d0,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_0040247A
Source: installer.exe, 0000000E.00000003.2908113154.000002DDED3D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: Cannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000012.00000002.3289386190.0000000009BA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2923951746.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3096211211.0000000009BA0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
Source: installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000012.00000000.2919538038.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3231604503.0000000000EB5000.00000004.00000010.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3244712183.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
Source: set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmpBinary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000012.00000000.2919538038.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3244712183.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3255015031.0000000004B00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: set_0.exe, installer.exe, 0000000E.00000003.3107786406.000002DDEB6F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.3109753894.000002DDEB704000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.3107705833.000002DDEB6DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000012.00000000.2923757338.00000000095FC000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnde
Source: explorer.exe, 00000012.00000000.2919538038.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.3244712183.0000000001731000.00000002.00000001.00040000.00000000.sdmp, zRLeaVuwHZUsAJ.exe, 00000013.00000000.2934580980.0000000000FD1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: installer.exe, 0000000E.00000002.3109719933.000002DDEB6EA000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.3107705833.000002DDEB6DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager_1
Source: explorer.exe, 00000012.00000002.3231967857.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2918772561.0000000000EF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman
Source: installer.exe, 0000000E.00000002.3109907363.000002DDED3D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndr
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00979EB0 cpuid 12_2_00979EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,11_2_004021B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: GetLocaleInfoW,12_2_0099769C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: GetLocaleInfoW,13_2_0099769C
Source: C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\root_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_008FCB18 GetVersion,CreateNamedPipeW,12_2_008FCB18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00401841 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,11_2_00401841
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_00860746 GetUserNameW,GetNamedSecurityInfoW,GetNamedSecurityInfoW,GetExplicitEntriesFromAclW,CheckTokenMembership,BuildExplicitAccessWithNameW,SetEntriesInAclW,SetEntriesInAclW,LocalFree,LocalFree,LocalFree,LocalFree,SetNamedSecurityInfoW,SetNamedSecurityInfoW,LocalFree,LocalFree,12_2_00860746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exeCode function: 12_2_0098F7E2 GetTimeZoneInformation,12_2_0098F7E2
Source: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exeCode function: 3_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,3_2_00405B88
Source: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Blob
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 1 Credential API Hooking | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Credential API Hooking | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Valid Accounts | 1 Abuse Elevation Control Mechanism | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 11 Input Capture | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Access Token Manipulation | 31 Obfuscated Files or Information | NTDS | 35 System Information Discovery | Distributed Component Object Model | 1 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Windows Service | 1 Software Packing | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 13 Process Injection | 1 Timestomp | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Masquerading | Proc Filesystem | 3 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Valid Accounts | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Modify Registry | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 11 Access Token Manipulation | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 13 Process Injection | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
[Behavior graph: ID 1417804; Sample: winrar-x64-620b2.exe; Startdate: 30/03/2024; Architecture: WINDOWS; Score: 40]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| winrar-x64-620b2.exe | 86% | ReversingLabs | Win32.Trojan.AgentTesla | |
| winrar-x64-620b2.exe | 74% | Virustotal | | Browse |
| winrar-x64-620b2.exe | 100% | Avira | TR/Downloader.Gen | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\Real Files\is-LASMM.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Real Files\unins000.exe (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Opera_GX_assistant_73.0.3856.382_Setup[1].exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711816766.old (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\additional_file0.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\browser_assistant.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\mojo_core.dll | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                              high
                                                              https://duckduckgo.com/?q=installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://yandex.com.tr/search/?clid=1669559&text=installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                • 0%, Virustotal, Browse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://rabbitsseed.xyz/dol.php?spot=6&a=2353&on=416&o=1658setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • 3%, Virustotal, Browse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://crashstats-collector.opera.com/collector/submitinstaller.exe, 0000000F.00000002.3115795944.0000015332220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000003.3114334325.0000413400238000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://aa.lockstart.host/ww.php?p=2268&t=46134022&title=UmVhbCBGaWxlcw==Lwinrar-x64-620b2.tmp, 00000001.00000002.3251084046.0000000002474000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  unknown
                                                                  http://bb.handssurprise.website/ww.php?p=2268&t=46134022&title=UmVhbCBGaWxlcw==winrar-x64-620b2.exe, 00000000.00000003.1963485387.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.exe, 00000000.00000002.3237398481.00000000021EA000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000003.1968273349.0000000003460000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3251084046.0000000002441000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3253902307.0000000003535000.00000004.00001000.00020000.00000000.sdmp, winrar-x64-620b2.tmp, 00000001.00000002.3251084046.000000000242A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • 1%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/sdSipVerifyHashDllFuncNset_0.exe, 00000005.00000002.3149733003.0000000001047000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://opera.com/privacyset_0.exe, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                      high
                                                                      http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=16794Wsetup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1662&a=2353&dn=420&sposetup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://desktop-netinstaller-sub.osp.opera.software/etUrlCacheset_0.exe, 00000005.00000002.3149733003.0000000001047000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • 0%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://gamemaker.io)set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      low
                                                                      http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetchingset_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://duckduckgo.com/favicon.icoinstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.google.com/favicon.icoinstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://config.gx.games/v0/config?utm_campaign=PWN_US_PB3_DD_3661&utm_medium=pa&utm_source=PWNgames&set_0.exe, 00000005.00000003.2271008591.0000000001097000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2523164463.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://www.biphic.com/6X6S73Q/KLT11XW/?sub1=2353&sub2=2353setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://addons.opera.com/extensions/download/3ed7347a5e10c404ea6cb96281265ff23092cf8f/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://addons.opera.com/extensions/download/e27cf3ebc2172a1a7d9cb6978a031ef52ed55596/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2906922484.000002DDEB68D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://nsis.sf.net/NSIS_Errorsetup.exe, setup.exe, 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp, setup.exe, 00000003.00000000.2133946734.0000000000409000.00000008.00000001.01000000.00000007.sdmp, is-U8A6E.tmp.1.drfalse
                                                                                high
                                                                                http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1679&a=2353&dn=445&spot=3&t=17setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://www.deezer.com/ru/logininstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.inlogbrowser.com/pp.txtsetup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://addons.opera.com/extensions/download/434b0a6daa530638a964132e86b8a01d7b39aa7c/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://gamemaker.io/en/get.set_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                    • 0%, Virustotal, Browse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://rabbitsseed.xyz/dol.php?spot=1&a=2353&on=420&o=1662setup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • 3%, Virustotal, Browse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://save.windowstone.website/track_inl2.php?tim=1711816681&poid=2353&p=1.25Innosetup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://addons.opera.com/extensions/download/aad01b6c6f7f2f01bea6584af044c96d8850f748/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://gamemaker.ioset_0.exe, set_0.exe, 00000009.00000002.3133575012.00000000005FA000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                      • 0%, Virustotal, Browse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79set_0.exe, 00000005.00000002.3149733003.0000000000FE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://support.google.com/chrome/a/answer/9122284hu.pak.8.dr, ru.pak.8.drfalse
                                                                                          high
                                                                                          https://addons.opera.com/extensions/download/313b7f796952f2b34bf6bce6ba10a7b51bd18913/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://translate.yandex.net/main/v2.92.1465389915/i/favicon.icoinstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://desktop-netinstaller-sub.osp.opera.software/v1/binaryv9set_0.exe, 00000005.00000003.2574547389.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2567499841.0000000001093000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • 0%, Virustotal, Browse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.biphic.com/6X6S73Q/KLT11XW/?sub1=2353&sub2=2353DWsetup.exe, 00000003.00000002.3254369073.00000000059D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://rabbitsseed.xyz/dol.php?spot=3&a=2353&on=445&o=1679psetup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://addons.opera.com/extensions/download/505f20c0ceb331ebec9f6b8d9def5e0f59be4612/installer.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://browser-notifications.opera.com/api/v1/Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2545685055.0000000003509000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.deezer.com/us/logininstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://set_0.exe, 00000005.00000002.3143372418.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.3155150882.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000007.00000002.2257434736.0000000000850000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000008.00000002.3114831364.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000009.00000002.3133575012.0000000000620000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2900452325.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.3123167236.00007FF6C8757000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                      high
                                                                                                      https://crashstats-collector.opera.com/collector/submit--url=https://crashstats-collector.opera.com/installer.exe, 0000000F.00000002.3121694211.00004134002C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://word.office.comonexplorer.exe, 00000012.00000000.2923951746.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3280950871.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://rabbitsseed.xyz/lod.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1658&a=2353&dn=416&spot=6&tsetup.exe, 00000003.00000002.3243273604.000000000078E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.deezer.com/es/logininstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://desktop-netinstaller-sub.osp.opera.software/v1/binaryIDootset_0.exe, 00000005.00000003.3139169470.000000000108B000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.3139843993.0000000001092000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.3149984574.0000000001093000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://config.gx.games/set_0.exe, 00000005.00000002.3149733003.0000000001047000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://www.deezer.com/de/logininstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://download.opera.com/download/get/?id=65442&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_Uset_0.exe, 00000005.00000003.2276443377.0000000001097000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.deezer.com/th/logininstaller.exe, 0000000E.00000003.2964267354.000002E000604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1417804
Start date and time: 2024-03-30 17:37:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 22
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: winrar-x64-620b2.exe
Detection: MAL
Classification: mal40.spyw.evad.winEXE@28/269@0/15
EGA Information:
• Successful, ratio: 44.4%
HCA Information:
• Successful, ratio: 73%
• Number of executed functions: 137
• Number of non-executed functions: 234
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
17:39:30 | API Interceptor | 7x Sleep call for process: explorer.exe modified
17:39:33 | Task Scheduler | Run new task: Opera GX scheduled Autoupdate 1711816766 path: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe s>--scheduledautoupdate $(Arg0)
                                                                                                                                                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3038269
                                                                                                                                                                                                  Entropy (8bit):6.379873364125984
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:nLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvua:FwSi0b67zeCzt0+yO3kSJ
                                                                                                                                                                                                  MD5:17649F036EC48AF1564407A6D01FF0F9
                                                                                                                                                                                                  SHA1:7185CA639D9FDA90945A2EF0400A8FEFE946B3F8
                                                                                                                                                                                                  SHA-256:1401D6CD6D748566000F59104F61DAB0FA5247C698D65ECEDA5940740181D1C9
                                                                                                                                                                                                  SHA-512:C82A1E88C5B8DEE55F6C9084C474604F80960E722EACC6FECA07AB5191207420472D0957CE3A72CAB1C1ABBBFEE4C3AACEF6AEAFCDC3629B1A580E7EFE69A6A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:InnoSetup Log Real Files, version 0x418, 6463 bytes, 347688\37\user\37, C:\Program Files (x86)\Real Files\376\377\
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6463
                                                                                                                                                                                                  Entropy (8bit):4.125138799942462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:uI1dnUanTOWUNlfQmbv/09bmRK43lg04OXLFCVbcuJlEDA4MZAe2LIUHh0v:71WaT2QM30dmdpUbP4DSmbHk
                                                                                                                                                                                                  MD5:1D161F6490970C9C444080EEFF5A0664
                                                                                                                                                                                                  SHA1:366EDBF95AAFC655DC182AEB8A42932EF7A662B9
                                                                                                                                                                                                  SHA-256:4B981DF340B2E686F6D6BF455159AF757A017CA9BDC1A34BF28836D8B55883FD
                                                                                                                                                                                                  SHA-512:289FE347A072E5C71F114194A4224BD770BBF280EDE79A15008426248F23D06D27FE9E2ED7FBB010570EB73996DADE96CD9BB93B54A23D723C4BB7155D56E0A8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1428
                                                                                                                                                                                                  Entropy (8bit):7.688784034406474
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                  MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                  SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                  SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                  SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                                  Entropy (8bit):3.0607728827192595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:kKOagLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:magLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                  MD5:EA24F8B1CEDE1591155AF3F275043298
                                                                                                                                                                                                  SHA1:76EEB94D8B092C9BF8CD17A8A84B8D421DD9F0AE
                                                                                                                                                                                                  SHA-256:C79AC9456E36B94D7BCF821AB3315E75915CB8BC163A5EF262326E76F848F471
                                                                                                                                                                                                  SHA-512:96350FCE6565B76E553627D6EDACB2DCD2E2DF545E018B40A6EE33FBDDBE499E7A52C3464DA02720C85D136D198AE1C3BCD9186DB1B5B886B170C77537A47B66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):108880
                                                                                                                                                                                                  Entropy (8bit):4.013513808913232
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:vwl8ZkYGklRzQjk0vf1aA+KPNCLhXhjP6+fPlaAfR1vV78Q8Vm4yp13v4hjiHGy4:Zkmlc1aA+K1yIhjiHGynJRFc0K6Qdv
                                                                                                                                                                                                  MD5:DDBFBF1593F2A56EE5F185C097D135E7
                                                                                                                                                                                                  SHA1:C191673FA3E71102A4ADF723DB72AAB1A13A3D03
                                                                                                                                                                                                  SHA-256:056A924840E2EDCAA3A853E3D05DF3EACBD4004542F6706752A0B17DA1A9AFD6
                                                                                                                                                                                                  SHA-512:69A5ECB3534ED96251F9D4C3C5F568E0F73F4C6B5F81AFBF57349B5C2E2BB593E0AEE1ABAF97B7217AB46FAC12B957EE9A9B4D6C66E2AF3F62BFC0AB95267FFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):107064
                                                                                                                                                                                                  Entropy (8bit):4.025546914484068
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:WkGGWjvoGD6WyrMhIiIGEn0KFJKh1Wxrwpt:WkGGQAGD6hrMhIibKF6Wxkn
                                                                                                                                                                                                  MD5:A66229E4D6A0BEF93F7794EF9A52A586
                                                                                                                                                                                                  SHA1:F22E969B73134F3D88C82D522DA71947B9E60D29
                                                                                                                                                                                                  SHA-256:AE3020FDC95151BBFB19DD5B5373B73814145AD6561469AC64123B5A3403A98B
                                                                                                                                                                                                  SHA-512:49BEDEFC93332B3AE500C257FD850757B9AEBEC646D70DD1B4C41E1FD97663543EB2519C89CF8F9B9D472A3B59807E5F6A7C6E57025498817DFBC889FB3AA4C1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1523
                                                                                                                                                                                                  Entropy (8bit):4.399292637963254
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:YPiRyiRAS3R+GRH4rRUtRCRMR6mR9R5DR3RoRY+RWEIiRGiRCR8xRIjRuAcBpDRC:YqRyiRhR/RYRUtRCRMR6mR9R5DR3RoRY
                                                                                                                                                                                                  MD5:B7C15128A1E2AA333069D2797BFEFD6E
                                                                                                                                                                                                  SHA1:5BD78BF3DF58921E80A72895BFDF2DE3F6549A50
                                                                                                                                                                                                  SHA-256:FA5789F32C280FCDEA8E61CA8A322F859390C64CE8776D131CE73421D9882A93
                                                                                                                                                                                                  SHA-512:DCC4EA98D587CDBC7FB21A7EB383938CE70744DF897EC9D8A7BCF1532E1028D0D1395B9732494FC3196AD2D080D33F5F2153A82A3DFC0F2F055D5E31B50DA75F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"features":{"01979299c8cd":{"state":"enabled"},"13e025f64bd6":{"state":"disabled"},"13eeaf851da7":{"state":"enabled"},"15322f489976":{"state":"enabled"},"1ad69b007ce5":{"state":"enabled"},"1c4dddb65bac":{"state":"enabled"},"1d24dceb937a":{"state":"enabled"},"278deecb29a1":{"state":"enabled"},"2c1429a5a72e":{"state":"enabled"},"3389f6c15eb9":{"state":"enabled"},"40db6e644d2c":{"state":"disabled"},"50796754ffc7":{"state":"enabled"},"5448a57d6689":{"state":"disabled"},"54726ed4401e":{"state":"enabled"},"56d717ae3ad6":{"state":"enabled"},"5a28d66c82cd":{"state":"enabled"},"603cade21cf7":{"state":"enabled"},"654296fe9d6c":{"state":"enabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"8511df77ed15":{"state":"enabled"},"970fe421a344":{"state":"enabled"},"9ec4e68ae70a":{"state":"disabled"},"b2a2a32b832b":{"state":"enabled"},"b7751444d14a":{"state":"enabled"},"b9677b
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:idUTvr+x0E4H3CAHkd0OhPVVUCs4dxemFiG7V76d5vQVUCaxU:iKTHhySkuz/G65v1y
                                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:// DUwgkzpRs2UBZDQI77+cT3P6rFCB1A0dTs323s0P8VwKPNxJg7UC76QDbcCRMySUWu6oS1yzTCguRlUYTcidqpeZdtHOL09/z+luPzIHHqB/vQ9rnmKvNPJpGrBJkKfytTOuw9v8frDeZaeH6r4iB1b3IcxXDVBG/cZiVMvhj0/b9SbAbkgN94GUrDjIArHEo49eBMFcYKuLFjOUmbiRuESFn3Rlx1SFNsPk2GEohrRvsb3Fzh9UH6hwKFUEBxwUWIGMtPpf2rIDmUxAEUigjvrWMiGoDk4x5FdM+p5livY9OVeyVGtcfDm8zZJ3psJ6Uz8cqK1ZhYsebZFUup9rZA==.{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3581608
                                                                                                                                                                                                  Entropy (8bit):7.773137148819644
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:JXNMGeiRvKLzPXB8upFO39fYFLkVRHCoyXw2xDx0TJO:JdF9KJGvtQp
                                                                                                                                                                                                  MD5:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  SHA1:BDB3A6C22687FD882BB45564FE1B4A149CD15EF4
                                                                                                                                                                                                  SHA-256:AED161141E35ADBE2EEC4B14D7A52885A5AFA7E34E8DD6A7B027F024DC35A27C
                                                                                                                                                                                                  SHA-512:CF098712D76236B68529B0457F49C04CBF54E6729B52A6F7A9CDB2E677E72485865EA24E5B995B85EA2AA3D2E421347CC3564073B052AF6C0EA8699E2B574CDD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11236231
                                                                                                                                                                                                  Entropy (8bit):7.970570426981133
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:196608:dVcJuXNZg7RBXOo1VJIybXk6nOf077Ogvd3TaMwg2GRw8R+F/LP6Wtt5o9o:XHzUR9j1X7U6nOfQOAzwg2GRw8cZCW5R
                                                                                                                                                                                                  MD5:F54F246DAEF8BF03B0808A9FE12ACBCD
                                                                                                                                                                                                  SHA1:D6F8DB675F87164977E5B6911D7FABE040226ECB
                                                                                                                                                                                                  SHA-256:4AF5BD80FE270C862FCCDD5C13ACADD7B95C7631191C551705DC2BB4CEBD4278
                                                                                                                                                                                                  SHA-512:EC60E3688F8BD4FAAE3013D9C0CD86EADA2A4CFADAD509B4BB7D3515B3541618E72D4EC469A769A3688FD7DE6B67DC3C43FECAAE4CBA09AC16BC5E53A0D4689D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):142198520
                                                                                                                                                                                                  Entropy (8bit):7.999995421447281
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:3145728:4PPyb5NN6TkxOYod/OocWSqlsw6I3iYwiA1+ulOYZ:gP4Z0/jl0vVB+usg
                                                                                                                                                                                                  MD5:E5C66BC2A10855CB4164EEF86F92FB0D
                                                                                                                                                                                                  SHA1:9453AA10DE00E311EE3415D1C07F1990FE6FB491
                                                                                                                                                                                                  SHA-256:FD238E7993A9800F8B9D5C0C0F4FB90E624823BC4A085F658F9544296A4A967D
                                                                                                                                                                                                  SHA-512:CFE5614CD7FBA269DC89A69240382B42649AA45449266447EC29E95A01C69D898F317AD75E07651BD75AB7FCF42C1E6E1731457F91A51397810744D95F1F96B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1499104
                                                                                                                                                                                                  Entropy (8bit):7.985603261747699
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                                  MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                  SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                                  SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                                  SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: vc9dXDjnki.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: quTbWcnSay.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: 2D5770EB59209D2238670233CB2BE6424F7974800B83F.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: 6D3F3F26752DF1A041952CEAB949662805FFF34D6D06D.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: D1E33311A3E42A9C958CED92087534253817C228A36A6.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: 5672D5B80770DEB68BF2435FEF12D521C04CE012250CC.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: F85362FA96806CE4FF93B8A49E0E74F65DEA0B759AE87.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: 5672D5B80770DEB68BF2435FEF12D521C04CE012250CC.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: A1318324E8604DD73AFC5FE4241F1FC29771DE37DE98B.exe, Detection: malicious, Browse
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):225
                                                                                                                                                                                                  Entropy (8bit):4.929804541487484
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:KdhlRu9TbX+A8/5RFYpThkokIkoX0CdiYCWoA1G:KLuVA5cp1kvIks07vWBG
                                                                                                                                                                                                  MD5:C45BDB4215269232365A5939FDCFD5EF
                                                                                                                                                                                                  SHA1:6947C09E83ED9FF44C747280104CE62C129CE08B
                                                                                                                                                                                                  SHA-256:881561A1AF511D35898655D5233605380EF1E71111781C05F637AE7EC578B216
                                                                                                                                                                                                  SHA-512:0575A827C9C57FD1B7EDA4FDC6B5D710EE87AB3CCB1F74CF3F3E6A771A1EFCE490F549BF90803D237352D6E461E3275EA90B9D41B701E56F8DBFD07F44733E14
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='107.0.5045.79'.. version='107.0.5045.79'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):405802661
                                                                                                                                                                                                  Entropy (8bit):7.083358086913577
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                  MD5:5A0409605B7CD1C21C44D2AC71C71610
                                                                                                                                                                                                  SHA1:D08FC7214FE9BCF860DC8ABEA9C7A0049263BFF4
                                                                                                                                                                                                  SHA-256:2BE333D303ED3E5FDE88637A5DFA0AF56E5047A7413B7E6B3D372A7DE7C8BEB5
                                                                                                                                                                                                  SHA-512:4D2BF9BB50C98F39CE5B4E116D2F73E33090037CC529121D445F66E90527C71D6FBE2C11EBDE36CF5F4AD49EB4500E2751AA273800F93F549458EECA30E3431F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='107.0.5045.79'.. version='107.0.5045.79'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>...PNG........IHDR.............<.q....LIDATx...1..... ..6.^`...................{........m.m].m.m.m........[s....._.....N.Nw..._w..P...R... ......`........_[.i1...`.$.......C......*..,...v.l.>.ZP.B...E@......!?d..!.d.R......g)0...^H[.u.4.k`....0<.d.1.....0...Q`..I.._T..!...|pG.m=..a&.e.U(...C...n.^`........FB.X...Oio...z!...:.Tx.8;..9.[a........{.~.^......P.].r..d..A...?....<y.v"......l......^..._.....MA.o....?.>u._.d..`......E.@.5........E..................R...A..O}{.k..2.....jx\..5U.a.%."#.nA....6.!..W2.............R..j6r..v...."....N.GA..8.......>..p..#..,X.....Q...y..#.a..)....Q.e.zc\.'@.Al.....io....=......D.......F......A#6.^.^.Ma5...b.b...D...+.P.. .[.o..z....,...#<U.0.O.#..Z..........Q{...jA..ka|}...q.s.y^.!.Gh..R....t.g....F.......g
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2181
                                                                                                                                                                                                  Entropy (8bit):7.807674908350133
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Pe+1prHq0WWdnFX5lKhqEiJVk10s5pqe/cme:G+1prHqXkhrWqEiJa10ae
                                                                                                                                                                                                  MD5:B5A21B88B3D8A42DF265817EBEB742BB
                                                                                                                                                                                                  SHA1:E0BE32B4FC158DB4E9783094CCE614922114B742
                                                                                                                                                                                                  SHA-256:9635C074C9D8EDDE0BAF3111DBD7DB49CBDC370C4F729C80AC382949F32BE526
                                                                                                                                                                                                  SHA-512:21ECE0DCF17B038400D09565438FCE8BE61746DAA0250F2FA9D0526BBA3D1CE6F8DA5CCE944EF8FA685C5EB6CF857B073D2A50ADA44A44A76D84813871FAA5D0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1828
                                                                                                                                                                                                  Entropy (8bit):7.716814612583543
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:uIrxqF+qFL9yUaKagPWex0mLgIbPdyFKD0YTkogFey6mkAN7G:3wFRoGagTx0A4KDfTko6eCZG
                                                                                                                                                                                                  MD5:0BAE0648C3E320C4D439F158B4FD5531
                                                                                                                                                                                                  SHA1:4E860AE24F03522C89BDF37F3CCC10B54832861E
                                                                                                                                                                                                  SHA-256:28CE8FCB22080CE1F69346CB0720BBE5662959E413426F00062B706013DA8C28
                                                                                                                                                                                                  SHA-512:6A5E4105CCBE1664546798DB057B93622C9CBD6D5AF4967E6BE4E390A18FEC0FFCC807E3331F09ED0DE63ED85569BE7EC5EED5A7C663DF6CE4A5B70E09500371
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3140
                                                                                                                                                                                                  Entropy (8bit):7.81304512495968
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:X4+RWiQZwj2bSjtW8+i2elETWt5nQ1pzuiV8:ozEW8+iZECt9kzuie
                                                                                                                                                                                                  MD5:7E529063A02E4E83736B0263CB1B82E0
                                                                                                                                                                                                  SHA1:17A3C4B76962E90B1D2FA8A49441157949F4DC78
                                                                                                                                                                                                  SHA-256:A36A13A5D5E3D39E3018CCC5F8859944C87256F8BE24A3C08A6BF3CB06A26804
                                                                                                                                                                                                  SHA-512:571806725F83FECA90360B246D167A8857EDFD9EDC8DC0EF7EEEF80F291FD06088C405A5653513CB8AA309DF08CD609DF85A95E3379E3E5907566C876CA77CDE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2659
                                                                                                                                                                                                  Entropy (8bit):7.828610258666657
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:zQX9JrPPPPPPnouwOlIbylOhFARjcSY1E1y0fAiKb+Y+GzYvpSYWTX5sPPPPPPPn:z0rPPPPPPojFby+m00fAiKiySSYWTXqP
                                                                                                                                                                                                  MD5:EBE7D27ED3B4CB6566A10165ABFAA941
                                                                                                                                                                                                  SHA1:FDF7C27058CF5DAF7061756E938A33C1BBB26C3D
                                                                                                                                                                                                  SHA-256:0BD63FE653885286E180FBDF6D1DADC66AF242B8ED6BD1D03D8C5ECCC20E91D7
                                                                                                                                                                                                  SHA-512:50EC8592D78F00A6387F06E077E0DEF88DB26723C0FB8632C4EA06F2E09488DB0FB82E0EB1F03DA53F9C750F6CEBD29F7889B1DE342E4F0AE69F88C4B7B1425B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3904
                                                                                                                                                                                                  Entropy (8bit):7.301300867894784
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Fe0zdfrjvg/ofL7NkqKgOL6bq64wL3XtakhXSTxyfO8cg7WZUScsO62vSQ6Q4MCR:JdfrYoDdbJlXBRSMoj6H626Qr45eg
                                                                                                                                                                                                  MD5:F332E088E89B88070EF1EFBECA5B90F8
                                                                                                                                                                                                  SHA1:86129A8B1E2E7F78D6CE23C58A37FAC9DA5E566D
                                                                                                                                                                                                  SHA-256:6A8F64754C75EDCC9ABC1138E44ACBD7064D7E8E2A28783939241DBD6AFA30A5
                                                                                                                                                                                                  SHA-512:2314AAE692C024F914661E46CFD76531DA6C09B94C084FE915A0594625927DF30282D09518A950EAFCFDD2E499B1E4877CF3CDBF5509DE0CC756DADCDE43FD45
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3673
                                                                                                                                                                                                  Entropy (8bit):7.8322183683928195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:nBWR5fosUcvpqnOtkeU4ghCboMmSaj+5UZy:MvHUUMnOtpz4Csz65UZy
                                                                                                                                                                                                  MD5:98B9F7A4F4322E7B46DE392FD20F66E5
                                                                                                                                                                                                  SHA1:D009D227522206C40CF592E460C9642CD03B8769
                                                                                                                                                                                                  SHA-256:A706B332E6A846357A86C30D0E8BB7697E7DD55C2AE592DD45611DDCE0C0BF14
                                                                                                                                                                                                  SHA-512:3B3E5BAF3CFC57119E0812DE2816DF6C7DCB42E96C4891E47C4F32320FD3BE2F27A0118051A6651595BAAAA30069BB1C0D78AA701744A44534CABE7547D4BECD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1723
                                                                                                                                                                                                  Entropy (8bit):7.769427546963699
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MtXb2ikqrN+EMaUeTPMSEGS6CT/GF2MdJtDHBkZH39Hmgwiw:CXbzrzfUsUGS6A/ETJtHBYNG1iw
                                                                                                                                                                                                  MD5:1F2FB1BF463B2FF2BEC96784DEBFEF84
                                                                                                                                                                                                  SHA1:AE6F721AD937FE39F86602F71002435B18BF1EDD
                                                                                                                                                                                                  SHA-256:7E6B0D9EA7FDA1B5CA7A0B01290521DFF943DA4CBF1498412CA7D749DB42C32D
                                                                                                                                                                                                  SHA-512:0C92C4F75E620D0B636CFD83E89C69A44F6A96A00006FBD0B13637BA5DCC77C9B302029E62F4B80766811F31810F9C20AC1A98B65C38789951CA0E19A5BB6894
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                  Entropy (8bit):7.721284228612739
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:sRv0SxfL9UEp3g4/RjUG894TBRVPvhjfghucgXy2nRlWzIXQuohMU9ocyMDh:sRv0sq4/tU10XVPZjhy0Izy9srWcyUh
                                                                                                                                                                                                  MD5:17471BB63ED62A6E545B6B626A763511
                                                                                                                                                                                                  SHA1:586B9EFDE7B3A04580A49F8FE7739593D42D303E
                                                                                                                                                                                                  SHA-256:DFD1054F989CDEE25F19EA792F363F042A125CAB537A424F0224BBEE13607E39
                                                                                                                                                                                                  SHA-512:F619D963B62EDB07C8077C3C6AE60ED8D3F3DD5BB1D05A2B83DCA1A7A4A346598B055F6C7EA22E05BF281B1DE0F205F5D1054819000759D9450EE1FE8F6491AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1564
                                                                                                                                                                                                  Entropy (8bit):7.78686155071436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:kO3Sxd5HLMZAoBjXkaBPxrX6hzB6eCvTYJSM2nY2YptQ/ceAV5ulBbYZwix2:MLLMWcV2z8nryWY2SDV5uPsqiw
                                                                                                                                                                                                  MD5:C3722E0232EC20AC8F99CCE7A040B294
                                                                                                                                                                                                  SHA1:91CA47DA87EC045ED3EF5D97243167F08FB9E10B
                                                                                                                                                                                                  SHA-256:A333D7E4293F5269426B3FCB673A284F3708A66F957DE62403B6570B24BAE8F5
                                                                                                                                                                                                  SHA-512:71940B8431E36307BA5176939A169B9259BB6B43C32529A10A12C5EA31447BDDCCAD7EB9EF7CB309B175EE7BD56E70926BD5AA0855D0FD9497547ECD7FF93158
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1341
                                                                                                                                                                                                  Entropy (8bit):7.829707677562043
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:vHNfCYvjHq3yow73tnF7H1r8IR07iBa/ptAFjLmocqM3LNpi+MaG9vz:vHsY7Hq3QzT7H1r8Wr0/zAxfyLNp1Pab
                                                                                                                                                                                                  MD5:504D80D276ADCC0163A8E4720013F9E7
                                                                                                                                                                                                  SHA1:6D34A0593FFCE916CD19B66D61004FD7E7EB2CD1
                                                                                                                                                                                                  SHA-256:EBBE0B4761EA8968A0A3FAFB383AC7AE175E98CD31A0F41BDF5FCB43469B58EC
                                                                                                                                                                                                  SHA-512:9961259704FF97C0E1899A33259F62155B73264E272064F3FA90E64124513C7C8BD6AB69A39C1EFB271ECC2972AB8FD86FB836F22153A9BB35419C3816D11337
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2005
                                                                                                                                                                                                  Entropy (8bit):7.837796638299837
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:FtyHJuovwDhlXRvUCvqfPAuwdESKbtU04aQkClnRU8lbPxbsFIV4hEIA:FtygGwDhlX1oHO4KwCAQ9MEIA
                                                                                                                                                                                                  MD5:667BFBAAEB2D2B372B6E0D4BF4992CE4
                                                                                                                                                                                                  SHA1:4C6C2E07183963F59391945FBEE077B55F8F6B2A
                                                                                                                                                                                                  SHA-256:207519F1C7B6C7509BFEB7B55724997EEC6456C8BAF55E882E72FC5CD43DA221
                                                                                                                                                                                                  SHA-512:AC63A3DD2F6088E7849E3824C35FD58CA78EC77DC31E1F6CBD47DE7CC394318CBA7D2309912206A94180267BE057C2AF5C835424019E2A03EE33A2AB801BA9A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1697
                                                                                                                                                                                                  Entropy (8bit):7.76630495035972
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:TyhJvOYkuSoLYIWawZM7SkzaacHxXgr4RzhQpKP7C:6JWiEIOuWkCxCSzhQpCC
                                                                                                                                                                                                  MD5:93223E8777B581E988B703DF82593B17
                                                                                                                                                                                                  SHA1:40A035464C27041CCC87C7935C45100D93D1C948
                                                                                                                                                                                                  SHA-256:464AFAF960C32ABDC2C3937A48BF14C5D1A819B017E719FDED591D43A65D94C4
                                                                                                                                                                                                  SHA-512:B8A3EE4A71E609625EAB51F0F6DAFCC82CC47BA2C567CC8BF73CF6423056F9171276289BFDCC8428B7C07645097664065EE9B0B78874425BFF800178222FED12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2699
                                                                                                                                                                                                  Entropy (8bit):7.8799233652993115
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Is+9LgA+9fj19UhKwdgrviOztr/CrWbqCLRTFxFCEEgq0Ol81sqAGz:IlSN1gBTOztr/jbzdh1y0wl1+
                                                                                                                                                                                                  MD5:704D0A2693B350E7C463B0FF2143835B
                                                                                                                                                                                                  SHA1:0313AD4C3690A590AC54552D2C27806E73776600
                                                                                                                                                                                                  SHA-256:D6367DBC074E37F3488C26B0BAD229BFE99F5C6BB0E28D37B41906C436152B57
                                                                                                                                                                                                  SHA-512:4517B2FA911149885EC5549F3173D3C774716740826873E4B2199C804B17E776A5296565930E5ACDB8D5476710A391B21E6DA8941DF64C525A487DB4619A1EA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2334
                                                                                                                                                                                                  Entropy (8bit):7.8839656878677005
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:W/zeI9zj1u/VwgVNR+vEgxOfU99BpcZlp9uqRhq4eZDU0BMK:W/zn51gxN4RxH9hUlpkAMt/BT
                                                                                                                                                                                                  MD5:39E2FCF13C20103C5F449C06D3A4CF75
                                                                                                                                                                                                  SHA1:AE8E1BCE2BE17ED450D891864E6AA22642AF39AC
                                                                                                                                                                                                  SHA-256:5D46E4056F3915C279F1FA9EDF61D93529FBCAE5C59D616380EC5D9405B7763D
                                                                                                                                                                                                  SHA-512:8E4902262B064008804D49D1B5F27BB7B8F33ECEFB05181AA69534E1D21662719DD4F8E0677C58215F6C5CA9EB4FB92FCA54A89F9720230AFBF06A70216ABF26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1096
                                                                                                                                                                                                  Entropy (8bit):7.755097954664401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:TDh4JYYFMId219dZt07Zcglb4iS/cFEAAabL3/006Fs:B4JBMPVEbCe/006Fs
                                                                                                                                                                                                  MD5:32D3E390613CDDBD639E70DDB2511AC0
                                                                                                                                                                                                  SHA1:C96AC088E72D756F31896B16776EF100379F802C
                                                                                                                                                                                                  SHA-256:DC20E5AA2B500CD5B5C9F89647D3487810685C94268F22678E27820E2454BB3E
                                                                                                                                                                                                  SHA-512:7381CEB8FEE84F398082177F30DC01593BEEFA729C73B0166AF686BCD25D54312B202D9243834B754769DE41E9A1DEED74CA91A76DCDA918A749CDB4F08C124B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):901
                                                                                                                                                                                                  Entropy (8bit):7.682141855410327
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:x2BZqWXRHKkqILfEDtySHnb98XPA8KWstHNMufZ4jJO2C:xZQEC8BywBmPAGpC4jJa
                                                                                                                                                                                                  MD5:E6ADD5AFC73F7B06FC2348550595F8D6
                                                                                                                                                                                                  SHA1:4D658BDDB93FA6CB423EBC61BD20DB37E4D37DB6
                                                                                                                                                                                                  SHA-256:DD6F46D32C3E235508F9E4C7D7F993BD807D955BCA7E63CF3D57C6C4C102F46D
                                                                                                                                                                                                  SHA-512:55437DFEA7F68A4572DFC86B5428CBE9DB86C0D32D0B09BA6B7B1CF8E49E5F1BB94285BBDC97D8EE00D70BA75921DB59644787C1BE1672FE37CEE09441F249B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):485344
                                                                                                                                                                                                  Entropy (8bit):5.205905061365067
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:alTZkQQzVVTgmAffw5QTzL6+75I+qZojZdJ:azkQQzVVTgmAffMQTjO+xt
                                                                                                                                                                                                  MD5:943CFEC00D31592C1B09C1086CE5B39E
                                                                                                                                                                                                  SHA1:DE211386FC16BD90C5D0D9B2527495D36424A131
                                                                                                                                                                                                  SHA-256:D2C6E0E2E2C24A1AE11A8D638A5EB11D97F0279946874D13E893AFA520DBD2FE
                                                                                                                                                                                                  SHA-512:3728349851899E36EA6B1EAD07BBCCB651661D8B76BDBB199C6B42EF9D56DB4DE9A1F7BCE55DE2AA32A9ECAD44BCC00785519F1FC5BFCF5B6A1F50551B98CE9D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):238
                                                                                                                                                                                                  Entropy (8bit):4.824253848576346
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:v5975JVSS18iMkh26VlcmutLwyAGI/zj//gQNMC:Bbt18l+LlMLqGU/gQNMC
                                                                                                                                                                                                  MD5:442699C95B20A60470421C6A4D29960F
                                                                                                                                                                                                  SHA1:C7317F2D2414C991C21205BA3C68A187B997E3C1
                                                                                                                                                                                                  SHA-256:44844CF3DDE6E80087AE0E6BF0D9326D7EF7D23326D24AC83AF0850BE26923D2
                                                                                                                                                                                                  SHA-512:C89CF089F7FEEB80C6DED11F1FCE84287ABE8216A6E05723D1A7FAF567C501C043CD1246FF8DBEE1240D2D79C41B698EF4CC3459589E68E5BFC5BED7FC3A150B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{. "name": "MEI Preload", . "icons": {}, . "version": "1.0.7.1652906823", . "manifest_version": 2, . "update_url": "https://clients2.google.com/service/update2/crx", . "description": "Contains preloaded data for Media Engagement".}.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8254
                                                                                                                                                                                                  Entropy (8bit):6.795641289553097
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:bTOpyeS7AOv6EVp/m3FPKk15jjKVcOmQppXavFbeLfzrLyp:bTOk7AdEugo5jjK+5QppXaBebzrLyp
                                                                                                                                                                                                  MD5:D5E4C2634EFF8A9B3FAF432BF406D6D1
                                                                                                                                                                                                  SHA1:A691F5C9877079193C1F7DFB16DBC30BB0372EC9
                                                                                                                                                                                                  SHA-256:C6070A157B4E28D16FBCCBD233E93846DDB070C85E1A1BC64469B7A5F1424FAD
                                                                                                                                                                                                  SHA-512:B264E28AC8F111DF01C553445AADC7BCDB3F32A38A1A19D3F9D458270DFEAF80EFA7144407BD999892022AF9DDE9DBF8A0E19E7212720E1C6511EA9125AFB166
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3072
                                                                                                                                                                                                  Entropy (8bit):3.118957212117411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Whs+6rek/gF1A6Gbi+4eTy8iPTUucUITUuqQTUGUQTUsITU6UQTUQITUuUQTU0I0:WWnep/FFLxPoRJo+oGpoBo6po1oupop0
                                                                                                                                                                                                  MD5:400817D0A91767CB830767AA94383F31
                                                                                                                                                                                                  SHA1:73F36C895190223F94E4D52657F14454B2BCBA44
                                                                                                                                                                                                  SHA-256:35D92C86C1C054D1C03F4E58B83681BBFD8573143EE5E4CFB4CBD788A1FFC107
                                                                                                                                                                                                  SHA-512:2216DFC65E24961A18A4622FF6D8D8A1330283E64477A0E44BAC5B8F9A4CB5690FC90F598BBC152214EE6AA8770FE6608C4C809EC6F2CC73547D8166603B3E15
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2973528
                                                                                                                                                                                                  Entropy (8bit):7.995948649674358
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:49152:npr0nnDiGZgF23VzfajZEGXGt+TR5P/H2iYyhQivUa6Ta7q1nt89qtTme/dLnUgq:nKnDhZgqajZEqZHXWi7+Tau1ntuiVL9q
                                                                                                                                                                                                  MD5:128F7E7285E953D6EA26A318D7A7403A
                                                                                                                                                                                                  SHA1:6423142BE97D4719C8A0F775EA73569E233200DF
                                                                                                                                                                                                  SHA-256:550C9209EEA87801ECEC9B2435BA7C5BF333DF38BBFFEE4BBCF4CEF2D0F9FCBE
                                                                                                                                                                                                  SHA-512:0018FE73D26BB17877F69AEE8D480A3DD51A55C3B3E1904990889314A04D829D87E78381475EDD0BB23597DCB4323FA379A5395342EA9D117750D3E3693059CD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4927400
                                                                                                                                                                                                  Entropy (8bit):6.402970220950094
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:VCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNh:0G2QCwmHPnog/pzHAo/A6
                                                                                                                                                                                                  MD5:DD88837D51ECE6061718CAE0A638BB60
                                                                                                                                                                                                  SHA1:02987B303D9F27C7FC8A093C0CCA32112E9ED1B0
                                                                                                                                                                                                  SHA-256:AB6FD3AB40931DFD337C5D4D34B95F44A0BDD44D56507D740D97278AB254139F
                                                                                                                                                                                                  SHA-512:B2C7F4FEB2D323DEC2455710F6B04EF9642803FEF02936DBE5A09FC00453F8CBE2CE2E93BA2E5CDE537DAF7342BB14D6C0D49D1700AE86C8C2310863E3FB338E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21868960
                                                                                                                                                                                                  Entropy (8bit):6.5327904051612276
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:393216:IkwXSvzEhmbfrZV+m2iG890hvCUD/GVJkshSB:KvN/GVJksAB
                                                                                                                                                                                                  MD5:B4B0BB9DC73D5D4B45E35B5CEBB46609
                                                                                                                                                                                                  SHA1:6CD3DE6BC604180F7E3BE7F052F0D1BC67ED7605
                                                                                                                                                                                                  SHA-256:AA5D6EBC4765063FBA4D02D24D9FC4B5845D5C8F86418EF7B8514B3C05EDA306
                                                                                                                                                                                                  SHA-512:44DA8661C4C6368FC046C99916B2109EB763B7D9EDBEA66B1EB70A651C018DEED91C8EE2F3269B10591ECFC082C85D43E6ECA555BEADBD1B83C898ABC1B2CCA5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1519000
                                                                                                                                                                                                  Entropy (8bit):6.516243319485896
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkrT:LCfhbh3v3mtEAQrW41obCraeRhy9ou6p
                                                                                                                                                                                                  MD5:044B9B2A5E1CEA24BDEF3A3A81C9B9D6
                                                                                                                                                                                                  SHA1:E96670C0681507CC9926CB475AA28A8C9BB7D529
                                                                                                                                                                                                  SHA-256:3FAA3A0B1DD6AD2BA2855D6F82376E223B18A51A39159F5923F2AA33668211E4
                                                                                                                                                                                                  SHA-512:A1A41B79884A615D226F744960F666BD2991835A796117278C7D8426217F384A127DC6040C04B1F4BB2707B5BB4464C562CED3881A8FDED6C02263C23B358C1F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4186
                                                                                                                                                                                                  Entropy (8bit):5.234993793603558
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:t0/Rtp7yTf85XZyITJhowbO7VtiORFnbwU:Gaf85XMbwbOHiORFnbwU
                                                                                                                                                                                                  MD5:2DC8E2607CA1F7C321FB559287B7CA22
                                                                                                                                                                                                  SHA1:C1C7BF3A567FD2D24C348C3C954FEC3E00F96AEE
                                                                                                                                                                                                  SHA-256:269738732DC4756D0955EF9BBA7DE3A4DD025C0A868EE84E3FFC486817F63672
                                                                                                                                                                                                  SHA-512:080FD30D024EC21B7E50BBDB2FFD69E7E700B2D923171BFC2E47C77E510D663F5DAAFD702017A61C6D399E17705678E182D5F0BF53505181D864F533EEA22FD1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:107.0.5045.79.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..fonts\Inter-Black.ttf..fonts\Inter-BlackItalic.ttf..fonts\Inter-Bold.ttf..fonts\Inter-BoldItalic.ttf..fonts\Inter-ExtraBold.ttf..fonts\Inter-ExtraBoldItalic.ttf..fonts\Inter-ExtraLight.ttf..fonts\Inter-ExtraLightItalic.ttf..fonts\Inter-Italic.ttf..fonts\Inter-Light.ttf..fonts\Inter-LightItalic.ttf..fonts\Inter-Medium.ttf..fonts\Inter-MediumItalic.ttf..fonts\Inter-Regular.ttf..fonts\Inter-SemiBold.ttf..fonts\Inter-SemiBoldItalic.ttf..fonts\Inter-Thin.ttf..fonts\Inter-ThinItalic.ttf..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\es-419.pak..localizatio
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4186
                                                                                                                                                                                                  Entropy (8bit):5.234993793603558
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:t0/Rtp7yTf85XZyITJhowbO7VtiORFnbwU:Gaf85XMbwbOHiORFnbwU
                                                                                                                                                                                                  MD5:2DC8E2607CA1F7C321FB559287B7CA22
                                                                                                                                                                                                  SHA1:C1C7BF3A567FD2D24C348C3C954FEC3E00F96AEE
                                                                                                                                                                                                  SHA-256:269738732DC4756D0955EF9BBA7DE3A4DD025C0A868EE84E3FFC486817F63672
                                                                                                                                                                                                  SHA-512:080FD30D024EC21B7E50BBDB2FFD69E7E700B2D923171BFC2E47C77E510D663F5DAAFD702017A61C6D399E17705678E182D5F0BF53505181D864F533EEA22FD1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:107.0.5045.79.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..fonts\Inter-Black.ttf..fonts\Inter-BlackItalic.ttf..fonts\Inter-Bold.ttf..fonts\Inter-BoldItalic.ttf..fonts\Inter-ExtraBold.ttf..fonts\Inter-ExtraBoldItalic.ttf..fonts\Inter-ExtraLight.ttf..fonts\Inter-ExtraLightItalic.ttf..fonts\Inter-Italic.ttf..fonts\Inter-Light.ttf..fonts\Inter-LightItalic.ttf..fonts\Inter-Medium.ttf..fonts\Inter-MediumItalic.ttf..fonts\Inter-Regular.ttf..fonts\Inter-SemiBold.ttf..fonts\Inter-SemiBoldItalic.ttf..fonts\Inter-Thin.ttf..fonts\Inter-ThinItalic.ttf..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\es-419.pak..localizatio
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter BlackRegular4.000;git-a52131595;RSMS;Inter-BlackIn
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):414140
                                                                                                                                                                                                  Entropy (8bit):6.13273327924002
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:s3unFMi82w/+qnJWPziKSQSzzY6XqYQ0rBfmPbPGxGl36DNoAmFFhGj3k4yhP18:s3uV82wWqsPziK4zbBOPb96DNAV8
                                                                                                                                                                                                  MD5:4154321279162CEAC54088ECA13D3E59
                                                                                                                                                                                                  SHA1:5E5D8C866C2A7ABFD14A12DF505C4C419A2A56F7
                                                                                                                                                                                                  SHA-256:6BDEBEB76083E187C7AE59420BFC24E851EDB572E1A8D97C1C37B7B2DC26148C
                                                                                                                                                                                                  SHA-512:04CA175774CBE3F2D83543C01CC388E2715AB7B1378143DB41BACDC7E7EDDF05D3BEEF476F6ACBE7DDEB34861984EFB5FD7F299EC1820697C440B372D258AEE7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter BlackItalic4.000;git-a52131595;RSMS;Inter-BlackIta
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):422324
                                                                                                                                                                                                  Entropy (8bit):6.159556140030877
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:PtBc7UQ0dNXWqSBQVUWrqIWqH70TVMYydoAF4N0ELhwnftLu+hNHzFxo5spvD3+p:Pt2+dRWqgVrwYygLhwnfhjh9fZ78
                                                                                                                                                                                                  MD5:C5C41F7587F272A4C43A265D0286F7BB
                                                                                                                                                                                                  SHA1:916224C963D04B93ED54CE7C201108F398E7E159
                                                                                                                                                                                                  SHA-256:D549110689CDDE0821CA2C7148F7B47A097166B4169786A4A9EDE675F5CE87F3
                                                                                                                                                                                                  SHA-512:D4B4D01088D9F506368DC19D709B4BA6BE764929B0DD05775841E14CBBEC674F216B81515AE529E95ABFD22ED2F3E2D2774363DD4284C8C8B57D203599555F76
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 35 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterBold4.000;git-a52131595;RSMS;Inter-BoldInter BoldVe
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):415072
                                                                                                                                                                                                  Entropy (8bit):6.167283324857092
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:k9zC2w597PziK+bSvkK3sgUN8HkC48AeIVMhQ/8:e4iK+6I/8
                                                                                                                                                                                                  MD5:8F2869A84AD71F156A17BB66611EBE22
                                                                                                                                                                                                  SHA1:0325B9B3992FA2FDC9C715730A33135696C68A39
                                                                                                                                                                                                  SHA-256:0CB1BC1335372D9E3A0CF6F5311C7CCE87AF90D2A777FDEEC18BE605A2A70BC1
                                                                                                                                                                                                  SHA-512:3D4315D591DCF7609C15B3E32BCC234659FCDBE4BE24AEF5DBA4AD248AD42FD9AB082250244F99DC801EC21575B7400AACE50A1E8834D5C33404E76A0CAAC834
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 34 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterBold Italic4.000;git-a52131595;RSMS;Inter-BoldItali
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):420068
                                                                                                                                                                                                  Entropy (8bit):6.194498558176303
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:xg28OmWqgaGeWLF7k/oONd1P+yyZQl/xFiwRi98:SZG17k/oOX1PXyqCwRi98
                                                                                                                                                                                                  MD5:C4C47E3D7ED51A6BB67B7B8088A4B0E3
                                                                                                                                                                                                  SHA1:B190F4E4E8F838C46FFE9507D966EA4D8B37D8CE
                                                                                                                                                                                                  SHA-256:5E606F805A71432D4875DE7DAB737BF9DEA1187090F0A5190DA9B1BBAB09F57C
                                                                                                                                                                                                  SHA-512:B4251618479C52398CA71CFC61AD88230A14145771EF1085AB9288486D7BFC841F0EA222909F8BA6882DB6076DF26BFE37E1C23917569270C86D6E7ADEE7CF13
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraBoldRegular4.000;git-a52131595;RSMS;Inter-Ext
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):416228
                                                                                                                                                                                                  Entropy (8bit):6.155971405270021
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:3VpTx/VCC2wfBsJWPziKSQVE58IqsfnHGR4tGX5/2nHTAl84RSnj3k4yhT18:3Vp+C2wfBDPziK+4suO49lfR98
                                                                                                                                                                                                  MD5:5061BD7701B1B3339F0C80E69A2136E4
                                                                                                                                                                                                  SHA1:4A028F1FA4DBD6B4BFBFEEC4A5B5E222A005B563
                                                                                                                                                                                                  SHA-256:3C13487B8F2EBA0A78CAD4CEFD19272B0F4E53D61C223E6B266DDF0B332E9F1C
                                                                                                                                                                                                  SHA-512:65875F9F205CD70D2E1B86FBDA2AC8875637E0B3E0BB37ADE9DA20717B0F17D2108A0CF2AA1B246AFFD73BEA233B510D37D13193801D94E5148D3EC4159653DC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraBoldItalic4.000;git-a52131595;RSMS;Inter-Extr
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):422904
                                                                                                                                                                                                  Entropy (8bit):6.1847822896243585
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:EMPffL+f3H4g6WqgDVHqLhDj+359q7z8O8:1khq9Dj+3vrO8
                                                                                                                                                                                                  MD5:CDEF819CDB20F81FEB8A2ABDEBE9CDA0
                                                                                                                                                                                                  SHA1:EB61A79464DE3932A2D892BF50AD0270BE5791E2
                                                                                                                                                                                                  SHA-256:6A2CF89B061033C76C3CD7451113F3D8D29CE2C2E80B273FD60F9474E3927CBC
                                                                                                                                                                                                  SHA-512:04DE3B444603887E130870DC9FFF2F6798D737EA77A376C0A6D62C9114709F7891C95FA1BDDAB70FF055EBF127C6584CAECC594659F2E8596E72DA9D62D625E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraLightRegular4.000;git-a52131595;RSMS;Inter-Ex
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):409996
                                                                                                                                                                                                  Entropy (8bit):6.169466966393304
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:XmzU22mZrPziKScOkpPSb+sv9wKKpuLpuSZAoM8:yiKcFyKK9SZ7M8
                                                                                                                                                                                                  MD5:B7E44012C53F3BCBF154C7C4784FCC14
                                                                                                                                                                                                  SHA1:101ABFE1C234D9E29504A55C7B5911F7E20E9425
                                                                                                                                                                                                  SHA-256:944F65A7C6CDA135C370559E9D7347BFDD45A579FE4DD1EF8BA5BC679BCD961D
                                                                                                                                                                                                  SHA-512:67808D6BDAFE9BCF5576DF234C93611BC827D868DD9F0D064E801DDA5EFE67883637746458B3A0E51B4B394913C3AC47F56C5C055B3FF013ABEBB66EC9A7716F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraLightItalic4.000;git-a52131595;RSMS;Inter-Ext
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):415636
                                                                                                                                                                                                  Entropy (8bit):6.1951511440882685
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:327hgoK+yjo8AiWXWqSBCVUWR2kg4yODRVP8UPLumxDaAan+LHvKLMQyaInxFfmo:323K+tiqWqg3FkgdW3xDayLi78
                                                                                                                                                                                                  MD5:9E18D79ED628E74CA5E2EE3BFD6446BD
                                                                                                                                                                                                  SHA1:BF763C5CC7C91BFEC5E8E42499CA20AEF4C8B942
                                                                                                                                                                                                  SHA-256:BB5488DEFD018CF6CEA85B431A40991F0AB8939C39025E835E809160DCD912A6
                                                                                                                                                                                                  SHA-512:35A128E169D7CBC551C0337D78996E2061F8165E1B61870634A1EE6715199507F5FA140177C8A821401EAA765FC16FCC73E0180A21004803F6FC69EF512737F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 34 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterItalic4.000;git-a52131595;RSMS;Inter-ItalicInter It
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):412848
                                                                                                                                                                                                  Entropy (8bit):6.2017904291058406
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:C2vSKsOi+1iqWqgfYs0S2S7vWAlcBJPH8:1PqIS2S7v3lcB98
                                                                                                                                                                                                  MD5:118ABBE34A2979B66D6838805C56B7CD
                                                                                                                                                                                                  SHA1:7F320CB81660FC6DFF9CC5751F8FCC0134847C77
                                                                                                                                                                                                  SHA-256:D054D998AE12BE33820B100E0ED3923D513FA5C79C6D4E7CA1953AFEB262EA9B
                                                                                                                                                                                                  SHA-512:5BCAD4A03CED2CE76C5EBF78CD2C1328A4EE27019807F56A48BF8A0F936C57F351F10726C176952F0CF08776A5CE53D34C14D6A848925BE2789408A61678F381
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter LightRegular4.000;git-a52131595;RSMS;Inter-LightIn
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):408364
                                                                                                                                                                                                  Entropy (8bit):6.1740190502785195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:oeroPfXwF22mZ8JWPziKSQYfW0LXYveHt+47O3YqF5nxeU2h8jjXVymj3k4yhb18:ovw22mZzPziKYW0jYves4I2n8
                                                                                                                                                                                                  MD5:FF5FDC6F42C720A3EBD7B60F6D605888
                                                                                                                                                                                                  SHA1:460C18DDF24846E3D8792D440FD9A750503AEF1B
                                                                                                                                                                                                  SHA-256:1936D24CB0F4CE7006E08C6EF4243D2E42A7B45F2249F8FE54D92F76A317DFD1
                                                                                                                                                                                                  SHA-512:D3D333B1627D597C83A321A3DACA38DF63EA0F7CAB716006935905B8170379EC2AAB26CB7FFC7B539CA272CF7FB7937198AEE6DB3411077BEDF3D2B920D078A3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter LightItalic4.000;git-a52131595;RSMS;Inter-LightIta
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):415024
                                                                                                                                                                                                  Entropy (8bit):6.199271793956543
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:BgWQyjI8Ai+XWqSBxVUW+EuzZKKH+XgoniJ2D5L2kZSVbnN90oGPP3+4yCT18:BgWQtiiWqgsR3n+XgZJ2xqu58
                                                                                                                                                                                                  MD5:4B1FFAD3C0075AF22674765FF1EE2F56
                                                                                                                                                                                                  SHA1:1F7B05D0ED1C6C15736115A59AD844ADEA5F1F66
                                                                                                                                                                                                  SHA-256:FE3714926082AC5764327E3B67AE52CB6F0CF6B8C4221C064A6CACF821079414
                                                                                                                                                                                                  SHA-512:427DB3FE5860676FAB65A9B895D205620A1EC0AA172F45AA9ECEF261820E25B84F3413BC5D0A9D0C1311422A8DA1F5706AC4F6211A60AACC82974CF00FF036A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter MediumRegular4.000;git-a52131595;RSMS;Inter-Medium
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):411500
                                                                                                                                                                                                  Entropy (8bit):6.179950752404769
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:D0RV3jlWkDOh9oC2wuhsJWPziKSQlRiFy34YmkCD9oI0+msvMlwt5BO2x28YzWDQ:D9SxC2wuhDPziK2yIYmkCCIPmsHI8F8
                                                                                                                                                                                                  MD5:A473E623AF12065B4B9CB8DB4068FB9C
                                                                                                                                                                                                  SHA1:126D31D9FBB0D742763C266A1C2ACE71B106E34A
                                                                                                                                                                                                  SHA-256:1BDA81124D6AE26ED16A7201E2BD93766AF5A3B14FAF79EEA14D191EBBD41146
                                                                                                                                                                                                  SHA-512:1FBC2841783140FE54F3AB1FA84E1DED2534BCEC3549ADE2F513491B32178DF515BD63A0A4A2C35017A6850FF9C3A24F8602357D912ACF8CA92B8D68BA846D3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter MediumItalic4.000;git-a52131595;RSMS;Inter-MediumI
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417780
                                                                                                                                                                                                  Entropy (8bit):6.206431815755074
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:/DRFemw/pjVeXWqSBpVUW8KOA8HiQ109P0GJrMfsVwGSkSdnMgVIwZp3+4yCr18:/DKmChCWqgkJKy6zMfsdUDv8
                                                                                                                                                                                                  MD5:9A21378C7E8B26BC0C894402BFD5108C
                                                                                                                                                                                                  SHA1:72BD9F3CA75CA691CE86FE1EBBDB269F5F737BAE
                                                                                                                                                                                                  SHA-256:0D34F9588400A586B774BE97E66AE8C076A8807B8455DF0587B39D2A4A1A3B42
                                                                                                                                                                                                  SHA-512:4A9D23A01F1A7474E0339D4D8B151D0269BFAF7D9E13FF6AA34D7F929002E8FF185F273E6F7AFD2D40DF3E0630A962DC7767D870DCF1766F3E04B8029A7B452E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 35 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterRegular4.000;git-a52131595;RSMS;Inter-RegularInter
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):407056
                                                                                                                                                                                                  Entropy (8bit):6.1736927573676335
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:sSnv4lXwF22mZ8JWPziKSQUmeKGVOOxAdgwH9evDFDynor51EOO2UAGbzxSr1w7b:sSvJ22mZzPziKwLOOkvH9IQoUf7P08
                                                                                                                                                                                                  MD5:FDB50E0D48CDCF775FA1AC0DC3C33BD4
                                                                                                                                                                                                  SHA1:5C95E5D66572AECA303512BA41A8DDE0CEA92C80
                                                                                                                                                                                                  SHA-256:64F8BE6E55C37E32EF03DA99714BF3AA58B8F2099BFE4F759A7578E3B8291123
                                                                                                                                                                                                  SHA-512:20CE8100C96058D4E64A12D0817B7CE638CEC9F5D03651320EB6B9C3F47EE289CCC695BD3B5B6BF8E0867CDAB0EBB6E8CAE77DF054E185828A6A13F3733EDE53
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter SemiBoldRegular4.000;git-a52131595;RSMS;Inter-Semi
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):413976
                                                                                                                                                                                                  Entropy (8bit):6.169175161562876
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:SMPc0C2wQtzPziKFfAi2bNru42U5CB1c8:5hiK9AiENr/2UYc8
                                                                                                                                                                                                  MD5:4D24F378E7F8656A5BCCB128265A6C3D
                                                                                                                                                                                                  SHA1:D48310D2F04C57AF1BCE0851E053BE7B58B25DCA
                                                                                                                                                                                                  SHA-256:0DC98E8AA59585394880F25AB89E6D915AD5134522E961B046CA51FAD3A18255
                                                                                                                                                                                                  SHA-512:38B18D9786046633E4992308C88F11CA5CED325F805EB29B3000533459E85DFB6CD87655F1E285AF8DA22AC04722AB354DBDA24667297B56CCA824EF227373F1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter SemiBoldItalic4.000;git-a52131595;RSMS;Inter-SemiB
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):418520
                                                                                                                                                                                                  Entropy (8bit):6.2010032658690255
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:0UW00H2WqgwJA65hgQ0Yp9nyu8qIzoGS9U8:FWwJAuGQ0Yp9n5szrIU8
                                                                                                                                                                                                  MD5:04551623D1023398FD3DA941E920D727
                                                                                                                                                                                                  SHA1:92789CCC0D76C04D86685F9F0529731D2DC38852
                                                                                                                                                                                                  SHA-256:1E1289453D7A895CFB73569D4851634C8B0E49D150C4DD52D44BF5D206908272
                                                                                                                                                                                                  SHA-512:8017346110AEE84614FC0D9A9B39505F042E23659BE367C8A84301DC6E41C3DD93A464E88DCDF06F10B3B3AC85E975BC69EB464ED4CD784309564836289D412C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ThinRegular4.000;git-a52131595;RSMS;Inter-ThinInte
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):403404
                                                                                                                                                                                                  Entropy (8bit):6.15775244572357
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:FZbewyXwv22mZ8JWPziKSQQQbdiJNnL1qIPQyC4JRPeQQFgppInr/qwAWJBIF072:FZCU22mZzPziKPd6PQgcgpa/nMF07J8
                                                                                                                                                                                                  MD5:B97F16379B4C106616F60F702733F5C6
                                                                                                                                                                                                  SHA1:85C472FB9A7F256643BC4BBA10F158DFAA1D1E8B
                                                                                                                                                                                                  SHA-256:4C392DCC8AD916F0F9DF7559AB5563B01DD94F9F3B2DB34617FE392E00060339
                                                                                                                                                                                                  SHA-512:D124AF2C705B97CBB307497F88C47A5F7D320174D48626EA14AC27D42BCF8016F32810CF7ECB6AF1261297B8C331A6EA89E2E35C3E2536390D8D6E500ED8D61E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ThinItalic4.000;git-a52131595;RSMS;Inter-ThinItali
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):410232
                                                                                                                                                                                                  Entropy (8bit):6.191384356621797
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:nm0XOI8wiWXWqSBNVUWI9Wd4EZDSwKBUMimozkhBiv98svLAYP0wJShe3+4yCL18:nm1GiqWqgwbMd4EZDDpmokGllkYMdQ8
                                                                                                                                                                                                  MD5:12EC66B825B504D752E8C333BF81DACF
                                                                                                                                                                                                  SHA1:56896D3E6011466B7E6631C714C57E20EE8366D9
                                                                                                                                                                                                  SHA-256:5FC09AF94A447FAE6F82C00F15DFAEF9EAE7C560E6CBE46D3E84524019A574AA
                                                                                                                                                                                                  SHA-512:8CB838589AC4F9819B7E2204517445DF94663D3217297212973E8B2D9FECE162155130DDC783E7E89EF2832D38BACE731B2AE3B73AFF36AD782C707813BC52B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2889
                                                                                                                                                                                                  Entropy (8bit):7.9306579237637775
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:IGAlAoYphRTc/LR6nfEGlsX+bW+eeyYsO5EtDF3a8MnXULZACcb/+0TKw8uYsyKF:EcphRItAs43bW+ee6OiFMXqnoLT0NYis
                                                                                                                                                                                                  MD5:1F9CCBBBFC1E065FCE62137DAB8630B3
                                                                                                                                                                                                  SHA1:D653C3F32C11155B9F0B7DA1B7FAD78F4D3A22F9
                                                                                                                                                                                                  SHA-256:27B61CF817E6274437C8F9D22E03F05F3D78DB32A29D0DE7E0C39E642E78EF3F
                                                                                                                                                                                                  SHA-512:D37972843971A0D2BB1B06B8D059323E35CE449CCD89F08A8A87E938781430CC6DBFFB5FFB5500FE530B544118769F5378B8343CFE135B7AD640525A16B1E045
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1028288
                                                                                                                                                                                                  Entropy (8bit):7.978101123188429
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:3SHKqVVG7/dOMJlcFDAh1y+cBtoO0TOxuGtY1waxNU:CHKyG7/dR2ZpHBKOxA1C
                                                                                                                                                                                                  MD5:03F57C15087DB4F21D3F1CA51A2D26D3
                                                                                                                                                                                                  SHA1:74F44C7870F87CA82B670D8EE3B4F891D6390F3D
                                                                                                                                                                                                  SHA-256:281152795AC7FF1993729468D45EED78B724F886AFAD24528DE2EED240A66C4F
                                                                                                                                                                                                  SHA-512:FD728E9A8E988F01AF5999AC165CD0745A1F605F217D81FFE7A338FC0EDA60C8D76E572E6945DB16409D355085C7EC00F341DAA032C4204EFC789E169F129BB8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3148964
                                                                                                                                                                                                  Entropy (8bit):7.9797214008707
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:gubH3aVcrwso1yyrwz3yCo7X6sFiSMLbivc8qJKIRQ/u8SDEIHjcW/99w:gubH3aGRogyrwry9w9L2UYI2mB6
                                                                                                                                                                                                  MD5:A2A88F134B6A41245A7FD6881F2BFDA6
                                                                                                                                                                                                  SHA1:C55C6DA16E04AF692D39587C5F11BED31BF1EA07
                                                                                                                                                                                                  SHA-256:6F74802AF7F9F435D8853AA2131131751DE19FE7FFE91AFC7E203543D4E718C5
                                                                                                                                                                                                  SHA-512:D7BE69FCDFFD56FBFCC0C208AE5EA8A19FACF2E3A5AA1896A49155221A38D74A3C4441BDFDA9901FEEEBBE0B4231DF4D6B0DEE999D9D7F41858B5C3FD35EC071
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10750576
                                                                                                                                                                                                  Entropy (8bit):6.281341985010261
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:196608:oQPBhORiuQwCliXUxbblHa93Whli6ZU6WOH:oMwkDliXUxbblHa93Whli6ZkI
                                                                                                                                                                                                  MD5:5784C2B7CA4736D45F771838D3DDA6E2
                                                                                                                                                                                                  SHA1:82A1CD2E1221044773ADDF27A32575DF6C06ADF1
                                                                                                                                                                                                  SHA-256:3A04D42D8C3149F2FC9350A16BDF2354FDDA46D68E3BA1ACE727E6DA2D98D17B
                                                                                                                                                                                                  SHA-512:5E465A22EA41658A9A910FDBCE276E805A2D6FD4D042750E96F3AB95A5C92C5EEAA76A160F745AA66B44AB8EB3FCC37FCFE5907AE19E16EE2FBB2C10CB82104B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6949792
                                                                                                                                                                                                  Entropy (8bit):6.814706947908496
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:+g3JY5poHR/dVh6txfG1loZO4FSrn2vTjg:L3JY5pmR/sfGzoZ1Fs2I
                                                                                                                                                                                                  MD5:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                                                                  SHA1:64B4A4E84AB7E68BAD798643162B88CA4678338B
                                                                                                                                                                                                  SHA-256:F7CB5A7A18FE1102A2F591B6AD7B79C68C972742DE2F34691771C1E9BA6BD82D
                                                                                                                                                                                                  SHA-512:52F5F1B39F4887BA4EC31593F4392D0F8381CDBBD233A22CA2A326F34DFF446477334ED7D8F4C9DBD3462D60BB7021C52F4CE9920530BD7AE21C40BCFAEEBC17
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):616864
                                                                                                                                                                                                  Entropy (8bit):6.224717035550476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:N+AWKhweCwL/Xn5lKDdbJRgbOmAR7/XvNk1I/KY2Oiul8ohseUWdZT:N+AwwLvnPKDdYgRLvi1IJt8oudWdZT
                                                                                                                                                                                                  MD5:298D95DFE54364E5D864916D8B42B57B
                                                                                                                                                                                                  SHA1:9714235D3D26B46B35CE1F7FFEBC4D280591BB52
                                                                                                                                                                                                  SHA-256:03D73AF7132EB077586ECA4E0E6AF7BC60A04A01D241A3960093C290E302E73F
                                                                                                                                                                                                  SHA-512:629CAE4CF987EA91DA82B5CEE7AFED55B3D7FDA71ECBB12614FE4B3211B1F4B3321AE596D5F5C8A9A2C611320181ADED7A50690A6E5875DC73E5977C7FE64AD5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2304416
                                                                                                                                                                                                  Entropy (8bit):6.440570911194646
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:bCbc+v3neoFjYL1yOWK6NAxq8N0+cP27KIE:0v21yyxhI/
                                                                                                                                                                                                  MD5:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                                                                  SHA1:E5C7003AB10328E95D015AA75C08479B4CC1005F
                                                                                                                                                                                                  SHA-256:E8ACDD3FDF21ACE7F2A5A1A82CE5655A18FC52FC81D354A5FF685AA868FE1A98
                                                                                                                                                                                                  SHA-512:D6E90B9B32B2C5D3FEB0012E3A5BE5AA6E27801FECDE87BEF64D7BB8A23FC5BBDDE2A60A42F001B7515188B8BF23F8C959308C465F88FB62798814611021BAAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2304416
                                                                                                                                                                                                  Entropy (8bit):6.440570911194646
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:bCbc+v3neoFjYL1yOWK6NAxq8N0+cP27KIE:0v21yyxhI/
                                                                                                                                                                                                  MD5:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                                                                  SHA1:E5C7003AB10328E95D015AA75C08479B4CC1005F
                                                                                                                                                                                                  SHA-256:E8ACDD3FDF21ACE7F2A5A1A82CE5655A18FC52FC81D354A5FF685AA868FE1A98
                                                                                                                                                                                                  SHA-512:D6E90B9B32B2C5D3FEB0012E3A5BE5AA6E27801FECDE87BEF64D7BB8A23FC5BBDDE2A60A42F001B7515188B8BF23F8C959308C465F88FB62798814611021BAAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):480672
                                                                                                                                                                                                  Entropy (8bit):6.407077061099877
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:7AIY0X8PU5lauzzHfkgJvPAFrmFNVcPif2csfraP3qHH:7AIhsPUjauzzHfNVFNVcPO2cq+P3qHH
                                                                                                                                                                                                  MD5:F4CD4AC3B97BFECC0B1B204BB02A6D44
                                                                                                                                                                                                  SHA1:246FDEB112A0CD651C23D455232EB7F8D31ED41D
                                                                                                                                                                                                  SHA-256:42089A9C43D4715413A971F3E9B0F01B718A5FC7DC220A87608297635E2758D2
                                                                                                                                                                                                  SHA-512:3574CC3C24BEC63523D5B70158AFFFF720C40E9E62266F113A69B4C11AC9308F27B6A87D39555C0AB546111019667936D54AADF929C55EA225DB7A28A260A8A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7640992
                                                                                                                                                                                                  Entropy (8bit):6.489540842464174
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:r/5OeM37DfzKVyOzyWblxFz4t/BpTSE+b6rlTDYP1TSU3Xm3y4t1FDe:r/1MLzmVNzB6rZG1TVCy4t1F6
                                                                                                                                                                                                  MD5:0948651B610250144369FB114E0A1597
                                                                                                                                                                                                  SHA1:662165F38925C712024D36847FAFC55F705E9C8A
                                                                                                                                                                                                  SHA-256:D98F9E4FA6DEE9EA08E8760C594600E280C5A7AF5E552BA65446081FBBCD4966
                                                                                                                                                                                                  SHA-512:5DAE8D0C597FDA5D62F2D2A3437EFFCE415457EFD9DB3D842ADC4AEB3BFE08D48151F14AECE25D81824268BDCFAA0069A4A74F5319393D49624060C13831E391
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):809086
                                                                                                                                                                                                  Entropy (8bit):4.792072887577772
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:JOEtuS31gRhcQ7E6N/fhIhIK6g2HK2JwZLvY2zQkECEUiVbMqqulWKVDVLts37Nz:JOpSs7xAI5K2JwZLvYT9UiVbbqxKVDV8
                                                                                                                                                                                                  MD5:069435B6240FD89EBDC05353CEFE1ADF
                                                                                                                                                                                                  SHA1:62CACFD36CC03F692E37BDB285873D02653C5020
                                                                                                                                                                                                  SHA-256:09A3501A3332D4609353C57C23F8A27BB1A215A9E07B52BC65E819C261DD6CDB
                                                                                                                                                                                                  SHA-512:D65C8439D88440A85D5FC78581B506A7461DFBD0463F8538870C016FFD90C3D4A728E6666CD05BF72363B45647065783CC10CD3BBDE0DEC3EE63F89DD2E01907
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1039857
                                                                                                                                                                                                  Entropy (8bit):4.3831224078899185
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:kbt+7m0FhX/ShdYH1/RFb/sHFe1XCqoEgFM:o+7pWghbyFK9dF
                                                                                                                                                                                                  MD5:EA60EE4E0F963ACEB074A516B2D6ADFB
                                                                                                                                                                                                  SHA1:7B053259B20E300ED7DA840C50742DEFE3123193
                                                                                                                                                                                                  SHA-256:65916DEDD8DF9C32471C2FBDFD368F4EA4AD6FA69CB7DF129BCA130481793DBD
                                                                                                                                                                                                  SHA-512:F9683D4C4CC33D9EB2DD2101DD547A405AB8B62448D0C950E9578F3677248D3303C232948EA25341A0AE7DCA86C2E20AC5B2194A97E93D1BAC07BB67FCAA1B25
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):513027
                                                                                                                                                                                                  Entropy (8bit):5.432519176352726
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:JQFmiLH+7C6ybGbf1bCCrz+W58rmUUkcvKOl3nRWgZO5F5i3RoCQrGyTSHNBe935:yHJ/8atIRF1kJd0njPYX
                                                                                                                                                                                                  MD5:18326F23AA856DC640E52CF3118C9B8E
                                                                                                                                                                                                  SHA1:8546BBFB20FDB9D385724B838C6B5F2D320F615F
                                                                                                                                                                                                  SHA-256:ACD7EA2DC2A510147CF37405194FCB95113E0A51EF2EC962C2E428EE8E2B0115
                                                                                                                                                                                                  SHA-512:7F6689389423A850009199EBEBE364A0360D9A39FAAFEDC51F9D4BE7E75142F498536B4F585AD55BB655571875DC6BEB73D562A0CFCFEE443640832A99A5F3D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):507732
                                                                                                                                                                                                  Entropy (8bit):5.86532539438707
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:IfAC3uuuNLX9rbVQnmVzYSUNOfs8SB08QJs+mLJ1XiLqvL4OQp:C/yBNrbVDVzYSUNOU8SVfC
                                                                                                                                                                                                  MD5:B41A26054D8E72602A9AB7C697678F96
                                                                                                                                                                                                  SHA1:8BCF77844B545F9AC8CED0D86F3F6B0416C5F5A2
                                                                                                                                                                                                  SHA-256:174AC36585B8F6C2C1822AEE05E1FB4EC73E984846D5DE29F2B849F7900EAB65
                                                                                                                                                                                                  SHA-512:18E6B530CFC63F4AABD29DBE0D69F71514673706A5E997A67E5EB3AA26AD482FB50B736F92BF8781A7C5951D64CAB89368DDD84B4054EB86AA8DC78BF72AB078
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):470889
                                                                                                                                                                                                  Entropy (8bit):5.495569110921885
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:t0boyL+ytCnoN90zVWilNMzPZJTd46RGw2wEzZhxqENiB3n47A7De+AHpsMclpHr:tfyLNHNCMzxR7SqENil/AKdTHr
                                                                                                                                                                                                  MD5:CBE27BAC580522BB951F8BBAFFBCAD3B
                                                                                                                                                                                                  SHA1:5668179351E705F10A24EF9464382BA6152C8B10
                                                                                                                                                                                                  SHA-256:9793C9F49DE1B1362C0DA4618BFFBDC5FACE9942E301A0B7FCF0E4E9E72D5535
                                                                                                                                                                                                  SHA-512:912408F1CD830E7BFF3AF1D7568FBC419DFC07A6FDFE15769632F7CCEBA7837380D71F6D84009C756044950005D050ADAA704B6925D2EC510E5874715798AA47
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):512947
                                                                                                                                                                                                  Entropy (8bit):5.526944497993563
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:SqDFDzwXNn6LeN5U2ztCaXdzlbBtCS94LlS5lmkVQAUDM:S+DzwjUWCatdCS91eRM
                                                                                                                                                                                                  MD5:9326997FFB3A1039FB8BFE9D66DE9917
                                                                                                                                                                                                  SHA1:EE70119DE4FB4C5385DA1D0F79CACB77D43CFBA2
                                                                                                                                                                                                  SHA-256:D8A2DDACEA96640CBC7144F662282DC2B0CF0A8B7DACE957BEE32C69D31830DE
                                                                                                                                                                                                  SHA-512:97E69AC95BF078647220935A76882728F9C9410513CBABFDAD3A2CB990C7B6C47DE62591A41A77048636DA8A070E5786AAC0B8044097A1C0255BA2A031F957F5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):875935
                                                                                                                                                                                                  Entropy (8bit):4.880943970317316
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:2ykN6BN08fjsCKG9w+ZzD2xEEbvL7Ffrk+mIeJFlmfPPpqpWbIzK0Yt2cd8ZKoMZ:2EBN08fjsCKG9w+ZzD7EbvL7Ffrk+mIL
                                                                                                                                                                                                  MD5:6F6CCD956162C7BC4C9A38AB6B036370
                                                                                                                                                                                                  SHA1:C7D3EA4F2C5DCE0169E01FDC90AF07B991BD76BE
                                                                                                                                                                                                  SHA-256:6C9BA5EBF7A1047858350D08FB108C6A47F413B97F716999C38AD04C50429667
                                                                                                                                                                                                  SHA-512:952BC5E564FA88F808A5FD9E13B38D82034E4C89C027E8AE1D39B9938B9846CA4FC576912F58E5574C2500D9FE84158C14AC70A50C49785C0A64DD463B22B4CB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):414723
                                                                                                                                                                                                  Entropy (8bit):5.552932998647449
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:U0929nnBblkE8JSQr6BcGRgwCfDyv2QKus46d92WR2:U4Qw3JFrQGii46lR2
                                                                                                                                                                                                  MD5:99B9B49CAE689E3561C827EA02635F9D
                                                                                                                                                                                                  SHA1:2CAF079F32362D22D68BE858159F265409D18E32
                                                                                                                                                                                                  SHA-256:7063979166F0B1A0ABA5B4E090D702808BB62D9326A518BE86EA4BBB2E6E96A2
                                                                                                                                                                                                  SHA-512:73D74789E4CE260F0D5C370AB22F3ABC2804B60D4EE9E3FCF2BD85C761DAD135E08EFC4316583FB82A03821B364313996380653C4699192749063AD0EA259141
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417185
                                                                                                                                                                                                  Entropy (8bit):5.550011130613742
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:uEI84cHEA33RyrZngn/OsiwYzSyvepwG326O9bUR2:uN8BpcrIiwSlC26PR2
                                                                                                                                                                                                  MD5:E41F1594692F65CF99502F40582C82D7
                                                                                                                                                                                                  SHA1:7787AE80BBC73CC16E8E8118838DE2A3971AF2AC
                                                                                                                                                                                                  SHA-256:4FD95212B6ECBDC1C58388148EA2314CE5EA5BCD11BDDF05E51B14404D2746A6
                                                                                                                                                                                                  SHA-512:80047E2312B48ECF68BD3A7AF1D38F23ACB390293F8B31656D5DE72F9DD71A574D17DAB3656B34DFD513673CC876E2BA464BDA58BF420D5D9B7E5B8F049077D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):502335
                                                                                                                                                                                                  Entropy (8bit):5.40727042571361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:Dd4SYg2R2cJwZCXizXu2ndN/Bm+LJgwbYf+cwdyEcG2Bj1B3F9iBHKvI4:54SYgg5izuINx3cwdyzYqvd
                                                                                                                                                                                                  MD5:2966795E0B931BADB32374A6244B7868
                                                                                                                                                                                                  SHA1:7744C5801BAEC1B76EDE8A9429CA35C6E3BF55FE
                                                                                                                                                                                                  SHA-256:720014CD29A97B1C911DD887BC69D3833178211C882E72109FDF391CC6C2C499
                                                                                                                                                                                                  SHA-512:85D263AC49D7E3280CE14C9E614A10AB666F5BA3AE8EAAEB1228356DDA11D38A5A84A7CC30272D5A9012E305A797F4BBCE987D72AF4E811A072F30C90EB92BEE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):498817
                                                                                                                                                                                                  Entropy (8bit):5.394334592286179
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:tkh0VbOA9k8812cjsjiHa/HJTP6PZOk8jOwgcXg1+y183yOY+KnTzP1X7jHUoEWh:tkh0VbOA9k8Li6/H3Dz683yp7jXXI9E
                                                                                                                                                                                                  MD5:7C3587F68CC1E3984A6604B26E746759
                                                                                                                                                                                                  SHA1:5DBCDC4804311429C2CE463CD9F59EA0810C38C3
                                                                                                                                                                                                  SHA-256:8F984030BCE1792A4C6AAA7813A12B25DE55018741EE0B4A8A684247B08C4753
                                                                                                                                                                                                  SHA-512:918CECAD97C3DBE3E6FF93E3132CEB94231F23C7694B6C5AD9B92E9D2C93B5067C9F006D0FEF791F63E53BD7EC2C73EC4B37C6A057520CAEE486EC9FF653A5C6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):467188
                                                                                                                                                                                                  Entropy (8bit):5.475064085956737
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:RV1s819a+fI/2BEqWaVufYfZhuQ/bOYd2YlVtcKXrGkc1JQ:ly2GmrEIr
                                                                                                                                                                                                  MD5:A9ACAB0B24DFACE9A64E78369836F851
                                                                                                                                                                                                  SHA1:FF2A3BF13F3F79056591D557CC229E0F3F2FFE5E
                                                                                                                                                                                                  SHA-256:5658D14A4754922E98CBC9017FB90E013CE9B1FF2EB87C58419ED3E98AA00178
                                                                                                                                                                                                  SHA-512:B509174CF0C7D9AA74778CC529B48D1B2512F553E680180A22036150436238EB8D01243ED3D7165F8159DC107984F3C8788B44815E5E68E0170CB2FEF150BA74
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):521436
                                                                                                                                                                                                  Entropy (8bit):5.300414613948606
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:o8xZxWpc9B4FqwCGUoufaPNDtnJsy5WBE2bKUfm4:oNLIoTHWBlKL4
                                                                                                                                                                                                  MD5:FCBA6E51F1608B1F8C20A53228F7A0E3
                                                                                                                                                                                                  SHA1:E6A96AACD82B9559FD1895F3FB436CC1FA9E68D8
                                                                                                                                                                                                  SHA-256:6190A1353D3B59A3954082AD42CCEDF474D9493A816E4C33C7BF70357C266822
                                                                                                                                                                                                  SHA-512:835F3E462C6A200BE54AEFC7E2A09ABB218F1411C376E3390C49A5A64B3EDB99AB503C8C845F4EE7556FA3E78375AC6CC4D194C1D44A1B9F9A007CE7675F2750
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):533204
                                                                                                                                                                                                  Entropy (8bit):5.42656536496862
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:bTlsXvu432L72zNvxcgw1IaSVATiwsn8Zw4rMYnYbGBA3z8GABqXJRCxB2gTSWel:bTO0N1GAMf
                                                                                                                                                                                                  MD5:299FDEC5C529F686A75CA8DD249C28DB
                                                                                                                                                                                                  SHA1:BFBE364AF58B9C4A967F5A8CE826DA5EB2AF6AD9
                                                                                                                                                                                                  SHA-256:78C7BB9624B063607896C34122469F849BD49C24962863BB31CF1D971D885050
                                                                                                                                                                                                  SHA-512:BD34415842DF72127CDC05ABE58F9C73CD90F5C2C5AF0AF32B514066FD32F0A57DA05E01DA8A531E36F28F3E164BAB945D96CF7592489630051474F17C2A394B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1067175
                                                                                                                                                                                                  Entropy (8bit):4.410832963989589
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:3UtowpoUCbp2+NpqOV/BB0ZV1d1EGZDS7WexEWUt2bhtWi2V8nC5kbLAbqmbeget:WoHUCHkwsLlqdd
                                                                                                                                                                                                  MD5:9907AB6C963DB1613E3811104F3DDD9C
                                                                                                                                                                                                  SHA1:549D59E22ABF5D80B5690EFE85B27438ACAA5A00
                                                                                                                                                                                                  SHA-256:0A485C447311495D55B8EAC8D4F00356A0250F95B44FD8C549DE59357084AA11
                                                                                                                                                                                                  SHA-512:9AA2986CA627158B6ECD23D65166D2E8B5B5E23DA8103FD27DB6C4212B61610BF73FD94CB68F028280D045CA78B4BF131CEFBC23BEE23FB2ABD911032E7E3F4A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):497570
                                                                                                                                                                                                  Entropy (8bit):5.5613731809737335
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:E/ryT/5LWXUGXkAPKRpjqIGaBV08LQFvBAGC7ZqVwcsRqH7c2Dn3LWO6AHshClBY:qw/5LU7X8Rp+ALqwAjSihswJKaSyCiZw
                                                                                                                                                                                                  MD5:09431A45311A97E2B598A26741AC3BC6
                                                                                                                                                                                                  SHA1:96D26E3D9217028A5A6900B1EF51E354442FEEE7
                                                                                                                                                                                                  SHA-256:E04D8A13FBC1B372D7C1FAD6F7A47BFC3CB4FB768B7BE66B1CD52191DBBECA76
                                                                                                                                                                                                  SHA-512:8ECACA63D58BC1849948DBC5A2833CFE605E9F36A47E5AD5CECED3AC040A9400156829CD13619A11B14AED4FE5237CE021F935FABEDBE669A0A5204697FA1195
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):531019
                                                                                                                                                                                                  Entropy (8bit):5.672617115733098
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:YWkE356hC5WRIHGDHbtGSmeFkQ9XmBdpEN/3ICEqPHyNwkatTD5HvGTZfp6GcMAG:YWkcWL4ckaUsD5HvGys+4f
                                                                                                                                                                                                  MD5:06C8057DF87662E4AF3B693A88D04A9F
                                                                                                                                                                                                  SHA1:C2C1ECD1CF9AB7A1C5F56096F915B052684712AD
                                                                                                                                                                                                  SHA-256:A73FE543AE2EA5EA42CBF357EA58184E78FF561C29F61B4F52FB17C7B7D5F185
                                                                                                                                                                                                  SHA-512:161C8101D3FF8FA39F877E2752E3B5BD9DB6FF4200ECB5A1C45CEDBB6BFD014BF93B8593BF678BD3D0E8BF67DBB943B880F8528F5B690A82BB55FC0D79A32102
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):450780
                                                                                                                                                                                                  Entropy (8bit):5.4223529482397606
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:A+gAIJgCRdcpJwkK563SzTHEjSEnmFBEiuUTn:A+sgqcpsEHnmFWUT
                                                                                                                                                                                                  MD5:AADFC73804D0AF347FF2406F8EA17327
                                                                                                                                                                                                  SHA1:BDCBD96015311F636FA4A1883AE9F7745F7C642D
                                                                                                                                                                                                  SHA-256:30ED0454488349AAE35E2023F6E04CBFBAD39DCCC9149C54FA8BD4C5C5058486
                                                                                                                                                                                                  SHA-512:F578EB1C6C20A9FDC302F36F2154ADA3DE28E065E3936E985CE28563D5B2C67E91AA46607A919AA06D983302B6C816401357339655415C7F350295B3BD1EE970
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):499094
                                                                                                                                                                                                  Entropy (8bit):5.328817560077638
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:15N/m7eMRmzh8YYQDLIefGgAFK54qG0e3qqzKpwLlBy5kxAjNuRtEmYS9lcZujgP:15N/2Ri8wRwLCZGd8JadT+
                                                                                                                                                                                                  MD5:158CCD4881619B7E465794335BC15ED9
                                                                                                                                                                                                  SHA1:8C17B1064BD34E6CA82CB5753ED24316E6C73EF5
                                                                                                                                                                                                  SHA-256:08DB2F75AB5815EF2CB54F27E75C507B0FDAB8089E59441ED0BFEE43EB3AC2E6
                                                                                                                                                                                                  SHA-512:851AB3B7D3B259FFAD9D30B65B1227E79B95662CB34E8D1CD6B5960D1665F456C78265D952C94B929008FBEE5D26E065B5CB04A2E1B2404BCB8FBF677188061A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):599830
                                                                                                                                                                                                  Entropy (8bit):5.8281706210617825
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:32dINrcpX83p2UKGTuLuGrL13dAxXFIGxgK0usjSy+QUJNt4DYKVS7b0X7HZBFBV:3l2BjUFTq/flVqeVQdljYYNau34
                                                                                                                                                                                                  MD5:1B5D982CFC66F02F8AF503780ACA5176
                                                                                                                                                                                                  SHA1:B064393D8B059F5DAA48161DB720756F464C5AD1
                                                                                                                                                                                                  SHA-256:F4E00BC9855771706065E837D8085DDF52BCD47488A189209A7547D14DF40EDA
                                                                                                                                                                                                  SHA-512:A19A1C706D1B159B7904F7DA454FAF6F0B4A6D13210F52BACEAD7AFF17280B9FE7C23A168AACA32A869C52819BF5921182010878AA3F90A226F28F3A77677196
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):501964
                                                                                                                                                                                                  Entropy (8bit):6.169334467010321
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:lINpoGuV39uqp7VKixMGLtlq7Hh1mrOerIi1HNGc36xKpVdKV2WBQL:lgpoGuV3WGm0I2z
                                                                                                                                                                                                  MD5:282C517076CBBC464595B5A04BCCDB14
                                                                                                                                                                                                  SHA1:51CED44010BFCFFB320B632CF27548855FAFAA02
                                                                                                                                                                                                  SHA-256:22489C861BCEF0D79A2FC03FB5A1C55E1176922FFBE89C05BC7C54C6C6F847B3
                                                                                                                                                                                                  SHA-512:424595BC00FFCCF77E8EE561634F14793CB8D539681BA6672EA224785C62010C8DBA798A2F4D2B721E9CB960D774591EF5C260BF0B74FF053AFC55F784F0A315
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):532287
                                                                                                                                                                                                  Entropy (8bit):5.6618162413155915
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:72fvn4ETX/XPIx7iGyyXaGcGYDj/T2If6SxtCs1TsRaVKx52O:CfvJfIdiGyjDj/76SxssmR/j2O
                                                                                                                                                                                                  MD5:587FEF1B576042E1D3918915FEC494B3
                                                                                                                                                                                                  SHA1:D957FFC8F7EBBB3245837E501A2CD790BA788569
                                                                                                                                                                                                  SHA-256:8D13CCA2F6BD9E51FDC7F919E41C9A4EA01C0BF78C780C1AD75BA0FBF47AA134
                                                                                                                                                                                                  SHA-512:E12AD4E4186321DF04EB6CF570094A5B5986C36027A44CF71738AA8467EE270DF8C9C77234D16102F6DCE286ECB52CBA0953EAB7E38ACEBDBD625E5F4187F12E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):530446
                                                                                                                                                                                                  Entropy (8bit):5.669799465505182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:G4MYLxpFOV+yzyqU28c9ssRmK7Bp57YXQGBi5nbrNk8zptNctVFL8qRB5mhDssZm:TMy3OVPzr7f5XG8Nk8ai2x
                                                                                                                                                                                                  MD5:1E08EA238ABF7AAB7F23F1BAB5EE7F6C
                                                                                                                                                                                                  SHA1:D1C619187ABBF793BB10C6F8E275B098C65E37CE
                                                                                                                                                                                                  SHA-256:B59B19BA5920293FB0A8C6B5420904B47632E97A7A00FF8CF779EAC1783FB645
                                                                                                                                                                                                  SHA-512:595CBC15E7C694C5A17024B573E69F6297F170DC60BB4647D9D1F509247E32955BE90632896463FE02ED5041422EC43439657CD4C991F7D9BFDD982EB79FB23A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):465066
                                                                                                                                                                                                  Entropy (8bit):5.319654799734954
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:+1ZzO7mJZnRcE4ZzPtfcIQx89sQocTlqu:OZzC0nWE4hQxBW5/
                                                                                                                                                                                                  MD5:D38EA19CB1C529A5284F8C70E05601B2
                                                                                                                                                                                                  SHA1:54CAD7FA9CD399485056AD79A02AFCF90D25CB9B
                                                                                                                                                                                                  SHA-256:B2D6777CEA095DB001D5F8D861C6889DD9618B1365DA6CAC866DA82F514ACF4E
                                                                                                                                                                                                  SHA-512:8AFF259DE73A9440D61AD095CF6E842372606B047DD1A54B1B23D11463467D34F57C24C139DC1BAE096D6C98B9D4FCF5E6625DB20A08FCEA3A11298F338740A8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):455316
                                                                                                                                                                                                  Entropy (8bit):5.4739564830342475
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:2rl6DGqTc8jrGw6yyMrr+8f1SLqxs/Pryi6x1xljtCM:2rEDo8jrL6f8f1SmxMPnExljtCM
                                                                                                                                                                                                  MD5:B91F4826DC081EBC7791FB0837EF3A4F
                                                                                                                                                                                                  SHA1:7D00E2D5661E55A935236F52540ADC85DA433EF2
                                                                                                                                                                                                  SHA-256:3C787E535389FADD70ADB97E275A6C53850CCC09CBFEA15B8BB7EB9B35DF56F4
                                                                                                                                                                                                  SHA-512:698318CD1F911B4B44735BDA618CBF7010FE2ED32A69FEAE8D2636B46D72BFB6D3A4608D89D5AD93FC9C73A633A8887E7B35887CED65F8EA741B6AF98AAEFC62
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):468815
                                                                                                                                                                                                  Entropy (8bit):5.414013572567173
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:wge90JwO/GpXgcoQ6oTcRP65XDpIK4m/ucy:q0JwO/GpXgconoTcRS5TpIo/uB
                                                                                                                                                                                                  MD5:D2F3D7B4FA4AD57F773AE15EB3E70222
                                                                                                                                                                                                  SHA1:A1F217C981B38AC46CE18E4374374DE0FAB39997
                                                                                                                                                                                                  SHA-256:44E08FE6BF7F10DA6F94A81E7BB659A9238E5988E1907C34B999353FD07DAE21
                                                                                                                                                                                                  SHA-512:13B00CE1496BB2C1FB2CA26385FCCE612FF11BFA28FE8B59798DFBEEE9E60AFCFB59549BE0707C5C6FAC8BBBA1D97B1697C234CEA7A1E85EA74E0E93C3677431
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):514993
                                                                                                                                                                                                  Entropy (8bit):5.7844368274597
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:AmtOK56Qa4eCQ08WoOBCEtfQfM6HCOb6/PQCUd79e3mFR/TYYdeMsucZr1iguIw:99lrJDMt
                                                                                                                                                                                                  MD5:AEAD81008645D092C0D4498C845D7A5B
                                                                                                                                                                                                  SHA1:A1B1CCF4250C20234C8D48A681666C77646FCA4A
                                                                                                                                                                                                  SHA-256:8D767C47DB1494BC90A7B98E98680DD60B246636275032E5EC00C119E9595F8E
                                                                                                                                                                                                  SHA-512:E0D5A15A57A08E70BA0181C95292920D740A6117E244C9BC7BD2160729A04E1DCD118A9D40CB23C4C95B442460EB0CE86C5E7DDE86F1A71CA1687DE7C2B67A83
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):490961
                                                                                                                                                                                                  Entropy (8bit):5.462948787832137
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:NKT/ngth9TSzp8XR6BJv2cQ74WesRYcTzINBXBLTUpnDk/eds7:NigdXRosceesRRTy
                                                                                                                                                                                                  MD5:3BA421A36A38A2596C3EE23161D602BF
                                                                                                                                                                                                  SHA1:62D09596040F1B59AD0CB786A7B26166F4F57503
                                                                                                                                                                                                  SHA-256:23FFC508EF4C74DBECFD2EABFB74B48AEF082C51B0B436F83C7553EC4CECE580
                                                                                                                                                                                                  SHA-512:1E1E0616578D4BB4ACD4508B69784EA8E033A030A4EC4D4148D2603E7D27A9B953EE385AD9C128486C261BCA3124B780D4C6C08A03F7F55776C84CD28AD5964D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):496752
                                                                                                                                                                                                  Entropy (8bit):5.441144108166814
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:IsacpqKed3ar/HSSREbKdB4JVJJxhcXNa7o54Cm:EPKekrPSSREfR
                                                                                                                                                                                                  MD5:753B1B692756F0FE53B6DEDE8D1888CE
                                                                                                                                                                                                  SHA1:B094C3487235C313339E83F008F0B75FAC7765D6
                                                                                                                                                                                                  SHA-256:EF8114B2580AA4E7B521874314A41F2976F25B4C0386AD60913611111B5CB7AB
                                                                                                                                                                                                  SHA-512:8FBF6A429265817FFE1A986F761FF51A92949B780155ED206623292081AAB3B191DED036F47CAAE8A41009B62720B802179E52C3ECC84B802EADB66E53D08859
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):509817
                                                                                                                                                                                                  Entropy (8bit):5.49849407979343
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:EPdYjuEEcVjt7NgMs2bh61buj6rXEZK4N8AZqhYpGWKHCAuwooUL:ECyEBVhN1h6DrX3S8AEupG/HwJo2
                                                                                                                                                                                                  MD5:005A99E11F7476A646A3DC3BCCE7A584
                                                                                                                                                                                                  SHA1:2ABC00C2EE2A8BDC70110C582535C47AFD4B3F4A
                                                                                                                                                                                                  SHA-256:0E451350162A38118281FFF76BBDD3CD12A3B5A04EC8B3EAA259AFABF312E687
                                                                                                                                                                                                  SHA-512:B72DAFCC5183ADF310F36DA0A13AED24C88CED9227484DDDDA8CBEB851CDB1B0C2B53D547D178841AC8455A283109FE423C55594769A7DE49B2834C8ECDBFA8D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):812569
                                                                                                                                                                                                  Entropy (8bit):4.945155816034797
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:IGlU9XBlJfQjRo4YVepEaX+jhvYDfcwwgfhdxDkDtTKAYK2T5rqnjfRQjIvj3jDe:IGlUHlk56HlI
                                                                                                                                                                                                  MD5:056C018007AD175D0CDF09C405309A20
                                                                                                                                                                                                  SHA1:DED584292EE8F9E468F9352BA75AD1FE6285A1A5
                                                                                                                                                                                                  SHA-256:F8FA2BA7A9FD9F64BA80C6CB3CDE2CCB72D3823081037AFA50CEAB9880F479BE
                                                                                                                                                                                                  SHA-512:78D38FD514BC7BFCC8D0A7FB109D2B9AA509FF05428DC2E09F6E2758EAE14BF0E69EA6CCA1F59DA85FEE099884A18897E235077CDEBF46F9CC4147ADC62437B5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):515841
                                                                                                                                                                                                  Entropy (8bit):5.8288592928168645
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:Lf3JM+wEc0amAgCb7HBoh55fLwxdjJ6VcGyJXIk6BCle2cFBt4Ds:Lf3++dcD9FvHBozlLwxd9seXIk6xvt4Y
                                                                                                                                                                                                  MD5:1C8221907D216D783B70D3C3C0A2D77A
                                                                                                                                                                                                  SHA1:D2DC893FC7109DC4560869BB6BD8CE9102FE279C
                                                                                                                                                                                                  SHA-256:5CF9F0D880DEEA644A6BADA0FCD46C8B695F5194A0D85AE06B6468F064080631
                                                                                                                                                                                                  SHA-512:9F03754615D5B47B732C797703B3B1EA43E8E35E2248AA251DFE7072A02C70198D2ABDCBF6F3E71A7C2F52BF6713D0E0B7E75F31FA50906FF3101018CDD1DD35
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):761766
                                                                                                                                                                                                  Entropy (8bit):4.890722517206804
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):460956
                                                                                                                                                                                                  Entropy (8bit):5.577281591773483
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):477464
                                                                                                                                                                                                  Entropy (8bit):5.406364835914702
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1210755
                                                                                                                                                                                                  Entropy (8bit):4.149837394368314
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1110488
                                                                                                                                                                                                  Entropy (8bit):4.396287311100179
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):953395
                                                                                                                                                                                                  Entropy (8bit):4.460122275822538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):489665
                                                                                                                                                                                                  Entropy (8bit):5.657891879003178
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):808127
                                                                                                                                                                                                  Entropy (8bit):4.981921923764849
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):575110
                                                                                                                                                                                                  Entropy (8bit):5.835951255462111
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:46qm+cT82arQlksNqziNHXTh731MbvfBv6t2wQghMPj9ysAYgn:46qm+cT8fr7sN8iN3Thr1M7fBv6t7NMk
                                                                                                                                                                                                  MD5:ABD26E341B8CD7E4E1C69328ACD18D1D
                                                                                                                                                                                                  SHA1:8C7C0A53B7ACEE4C57DD8AA3C311B85A3DE2D4F4
                                                                                                                                                                                                  SHA-256:86FC5726176720DADF5D44BB574EE030FD47C076C00A73920F99787FBFBFEEFB
                                                                                                                                                                                                  SHA-512:CF0369CCEC413F1537072F1CD364E2EC61599AC883D2C0EEE344823902E219B02934E9F54A59C118696316CCA7B8ACDCB2C5C220DA46268D4CAC214870E68DBA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):414027
                                                                                                                                                                                                  Entropy (8bit):6.750090084352974
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:s+t5Xn1hU6oRn+XUxTslOOvWaqGD7u+WPVujF:s+ttnbVoRn+XUxTfaqG2+WPVkF
                                                                                                                                                                                                  MD5:1FC6DEB1A7C443B22DBD6B1D0B977186
                                                                                                                                                                                                  SHA1:5CE51A7B5F349EC32EDA9B23C2B654CF7120EB99
                                                                                                                                                                                                  SHA-256:CCF8D13C3A6E8BC7AB00430D59992FFBF5D636E6798336B113DBEC9491F5BCF7
                                                                                                                                                                                                  SHA-512:C97494AAE7CE90CE3A82337223FA601FBEC0228CE3D3588DCB9ED8E52F30E58A856BD3652B7B851EC9FD873F2F5338F7545965F94E40FC0855B67EE4CA2BD35F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417948
                                                                                                                                                                                                  Entropy (8bit):6.752377502350991
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:cySHdYDHoQfk4mzfXrTOexkCkOTYmpUqopbe63l8aTikIbGkw:q9YDIs6zff/pc9eM8/kIbGkw
                                                                                                                                                                                                  MD5:3EB96075245B639038FBFEDA8B179D95
                                                                                                                                                                                                  SHA1:BCCACFB72B6A8D1C1F971BBBF7D2CE6F7876CB7E
                                                                                                                                                                                                  SHA-256:A2179F2C7FEDAC3FE9471FEA7DA1E61D322C14B8955073617BD4B2646BBB8BDF
                                                                                                                                                                                                  SHA-512:1BB6EF5038855DE94C0B6A902C70FF1CC50ADF2891F79027B0462683656C18C9E427A58A43F45CC9042FC5DD39CDACAD30488CB8CAD3BBEE1D86F5648D8BC9C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1747360
                                                                                                                                                                                                  Entropy (8bit):6.468393142271767
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:px066ZOPxNM11/XiyM1vj7Qtj9ZOVI0i1eZegzAByOTnVH0p:px066ZWo1/XiX1vjeRZ6I0i1eQsABV2p
                                                                                                                                                                                                  MD5:63ABA71B4FE6495F45F2FF3ADAB42E3B
                                                                                                                                                                                                  SHA1:4CDADE15BA6309C38296C967F81106A345FC94FF
                                                                                                                                                                                                  SHA-256:404B31B77DABBEBEDCDD2F02780576059EA3BCF5CBA2AC6135D981B3D267CD25
                                                                                                                                                                                                  SHA-512:68B19C9D3B154199C518458516F21710B17A005008842CDE8A4F9826CC38BDCDD95C617E00BE5A12B6BE89CDF4095884651693CD09B32937A2A8A3510F0EDC8A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." .....b................................................... .......f....`A........................................`...p................................)......X.......8......................(... ...@...........@................................text....`.......b.................. ..`.rdata...............f..............@..@.data................v..............@....pdata...............`..............@..@.00cfg..0............*..............@..@.gxfg....*.......,...,..............@..@.retplne.............X...................tls.................Z..............@..._RDATA..\............\..............@..@.rsrc................^..............@..@.reloc..X............d..............@..B................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1360288
                                                                                                                                                                                                  Entropy (8bit):6.464746638304896
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:sRPz7q7xTok50XXdatJ8dJ0R9aBbpf4nAhle4m5ALoy9P5K5k:sR77OTok58datJ8dJ0R9aBpRhle4m5Av
                                                                                                                                                                                                  MD5:170A9F163B7AF79A04D2E3042F0DC15D
                                                                                                                                                                                                  SHA1:68F1A7CCCDB34E9AB3B1600AC504FFF55B4F0756
                                                                                                                                                                                                  SHA-256:F4602C5293E8645F699212F831F3567E930B5C2D4D317C58700021667EA0D346
                                                                                                                                                                                                  SHA-512:C2ACBC583ECDCF1C777395D785A61EFD856DD8C8D98511711FB2A11DD9BD05C4B2869F3592198CA27EAF55E7DF721CF5EEAEA53AE9A68FDA990F3C4E4A8B2365
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."............................@.............................`.......p....`.............................................\...\........0.. ................)...@..............................p...(.......@...........x...h............................text...&........................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..0............@..............@..@.gxfg...p,...........B..............@..@.retplne.............p...................tls.................r..............@...CPADinfo@............t..............@..._RDATA..\.... .......v..............@..@.rsrc... ....0.......x..............@..@.reloc.......@......................@..B........................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1508256
                                                                                                                                                                                                  Entropy (8bit):6.3613305257387776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:pXR9qeSQ6bJcfTBRaVGuc2uzIGZDyF1VPthv:JOeSDbKLfaVGn25GZwlV
                                                                                                                                                                                                  MD5:F452A15BC7E4392149F6BB2675EAAA59
                                                                                                                                                                                                  SHA1:85CC0A95ECBE0E01D0C47AA4C4D37AA41DF48F20
                                                                                                                                                                                                  SHA-256:B2A73AA659A5901760E6CECF28491386241339C2911481383CE9F119F3EE7231
                                                                                                                                                                                                  SHA-512:50F57F806E81A20B11B32F9692E4514D6D81298DD257DB440D503E3EC5044AB293D5EE72C0971A423FFBFF70009A878F308D0613874F6ADC49C0EB375C1FCC94
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."..................%.........@.............................`......x.....`.............................................k...Z...P.......8................)...@..........8...................p...(...`...@...........X................................text...+........................... ..`.rdata.............................@..@.data...$...........................@....pdata...............~..............@..@.00cfg..0....0......................@..@.gxfg....*...@...,..................@..@.retplne.....p.......,...................tls................................@..._RDATA..\............0..............@..@.rsrc...8............2..............@..@.reloc.......@......................@..B................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1471
                                                                                                                                                                                                  Entropy (8bit):7.588197287250187
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:+iCNV9ue/BbGNo7H6lah8keReriJ8gLIcO5v4Duvw5HjgTa/mpqtek8KMl:+iCHMepSN078kfipLIckwFj8a/xD8/
                                                                                                                                                                                                  MD5:FDA5BFA1C596D64B1B2AD48B75EB43FF
                                                                                                                                                                                                  SHA1:B9FC5F0E165088E211F744C3D344E6026E1E19A3
                                                                                                                                                                                                  SHA-256:527510AA7313071504D1534467305CF39DB8822F19972E710CDB938B92CC6F09
                                                                                                                                                                                                  SHA-512:672D1145178E3F9A8271E535F38A8590DA51A76B51A0D70ABDFA2B1AEDFFD57C9365E365A9DC62973F691309AC77F71FFF5BEACA981545852418392FA5AEC4F6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:....0...0................K)..3...[.40...*.H........0}1.0...U....US1.0...U....Washington1.0...U....Kirkland1.0...U....Google1.0...U....Widevine1"0 ..U....widevine-codesign-root-ca0...180627202339Z..280624202339Z0..1.0...U....PL1.0...U....DOLNOSLASKIE1.0...U....WROCLAW1.0...U....Opera Software AS1.0...U....DESKTOP1.0...U....DESKTOP PROD1'0%..*.H........wdzierzanowski@opera.com0.."0...*.H.............0.........x.....jn...)>a.....-} .v...P..S..x.>k{.........Tr..Yo.D....d.....l.v.wU. .A.W5..oor....-Vs.o.......yH.pJ...?.Whs0`....Jb....3/. tl..8c........C..Byq>h..3A8..{..p....\..n...Q.t....0mQ{j......U|.W\...........s!....K...'.....s..s....P..r8..........0..0...U.......`..\../X.l...e....w0...U.#..0....=..tW....!.B.#U).0...U....0.0...U........0...U.%..0...+.......0...+.....y........0...*.H..............D.G....gtpx.......~...v.....c..%.I.....c2Y.Y.....Y^..Aa..A.b.Y.f..Zra*.),K.....n.1r.C...Z...)....W.r.gu.Z....l......S.CF.m.Y...P.W..y.f.\,.$.>...!...FK....j....XHn.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):46280853
                                                                                                                                                                                                  Entropy (8bit):7.928065777534419
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:786432:/24KKwktJAxBJ69F7OSlKLbNPbGN+ULZBFQM72ekce7AGA2Fql:/2SPtwS9ASYL5bMjLZBuMNEAGA5l
                                                                                                                                                                                                  MD5:D04B4976585BC260313CFACEC9CE41CE
                                                                                                                                                                                                  SHA1:BE0FFFFD4F5F309E17342790C3FF04C58FB64661
                                                                                                                                                                                                  SHA-256:C5A81DFA5BA6F02FAC65817A56B0DCB014AD03C7672710C0D405E4168C7E4D42
                                                                                                                                                                                                  SHA-512:38B5115BDB1F876F2AE7459D6E3891D635FA3C6C15614AC01F42AA57436EC671D484B37C7DD95F5DA02E3C771CD25D576BB28491ABB9A99C5AF119876F87476E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1239095
                                                                                                                                                                                                  Entropy (8bit):7.95972754669759
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:mBaoO0TODS0HLEnbdUlZzy+3u8q1iv75ioDIXi5QUCAXll7deAIS:aaBKODS0oxU33Jq187QXnUbXllY6
                                                                                                                                                                                                  MD5:6BB216A28FD9CCD85FD749E55E0C92EC
                                                                                                                                                                                                  SHA1:A91C639648F0BC8372EB1CEF8E6873383B8A6D58
                                                                                                                                                                                                  SHA-256:4366815F2C74E4505D99A1E14421242F643B70084BD959A671D9C10EC52870FA
                                                                                                                                                                                                  SHA-512:3C050707EBAE92F7A8F40C1934E9CC72FA58EFCFF6402DC5A55B003B6F4C7F9AE6E5F9691FED6DD9ED8516D89FDAAAB1AED7B8DD44A5278210D4FC84E8BA60F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1328808
                                                                                                                                                                                                  Entropy (8bit):7.9579241990480005
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:3P6edh+WS0HLEnbdU4ZzXANTEXla0hm0gfnbxrcmuwz5QUCAXllIdeAIS:3Pjr+WS0oxUwtXla83gPbJcmuwGUbXl0
                                                                                                                                                                                                  MD5:AE90D46CAA560E263993E0A0C9957DCF
                                                                                                                                                                                                  SHA1:D6BAD10C90CA43C29629B0D2140A71DEE4A899DF
                                                                                                                                                                                                  SHA-256:6B5C769969449428FB06AD80DD739EC1D217B2F948A5E63640AD596BD1B386E9
                                                                                                                                                                                                  SHA-512:04B06AF80EB33D20E6679D88C759EA719F6D77D85A44152A9A078951C6BC8B04FD8F0CF4336A8DFD28DC64FF9559C873D4A582C11862642C81AE4D8C103921CE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1491052
                                                                                                                                                                                                  Entropy (8bit):7.958919955862812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:W16edh+zS0HLEnbdUJZzL346KDcG3ZXsRGmXa/S7wG/Tc9Yr87PD2R5QUCAXllI9:Qjr+zS0oxUXNKMRnB0Gbcq8P24UbXl29
                                                                                                                                                                                                  MD5:80C31A11532961E2605B5E24E1130F19
                                                                                                                                                                                                  SHA1:320E01C1A087AEAE53B7FF4A2D768769EAE8BFF6
                                                                                                                                                                                                  SHA-256:C5ABA2448D81EB7A230DC4826B8F4ACDA3A1169F8DFFD32E373FB12491943FD2
                                                                                                                                                                                                  SHA-512:A4AC935DDF2B4B3677D1BA5BF97D6C0B905E174C2789D7BD2E5506FEA1B3123E1C52871A973EE872C33BFB3E64F69C8846F6DC84B3FC109A7650E8F952727D4A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1927437
                                                                                                                                                                                                  Entropy (8bit):7.961463228159488
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:Cv+jrOK9S0oxUU/8ZOo6A5xI5ieR3Ynb+EUbXl2Y6:c+uK9S0oxUUkZO05G5ieR3hb+
                                                                                                                                                                                                  MD5:E5070408225329F07D264030949291A5
                                                                                                                                                                                                  SHA1:26855EDEB182F0330503203785A276E1C2C68448
                                                                                                                                                                                                  SHA-256:1E3A193C554C77C4C262240A8FD0C462D3E3C49BA104E4A8AA6A1BD2A4534456
                                                                                                                                                                                                  SHA-512:43EAE65C24868310A04D7EFE913249C5E88269DB809B62F1DE522C95EDD6BC325C929518CA2CFECFD4EB1F4E1C2E43958A13A524A92300F8AEA8A8BDE36F5DFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1715704
                                                                                                                                                                                                  Entropy (8bit):7.9590700496530244
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:1Wjr+2FFURBgoY8jL/nU2SZ17nnVgJ9VBIUbXl2Y6:ovvYBc8jLUnnnCl5b+
                                                                                                                                                                                                  MD5:05C3CEE6F170D9B39AE4A70A34219110
                                                                                                                                                                                                  SHA1:6AB935FAC492BFC53941680A46C8DFC051CC4D1B
                                                                                                                                                                                                  SHA-256:8FF96168C2ED1427FEE7825712DBFF9BD7A90BB1D1E16DA40F33520FA28F84E2
                                                                                                                                                                                                  SHA-512:1EA096D227285A9C45DD73828D0FB47BCF149E6D92EFDAA2BFE309DFDE6798EC39459F67D75D67761174EA6E597EE66A9E7E876AA4CC159460915FDE9277C00F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5751712
                                                                                                                                                                                                  Entropy (8bit):6.5199587486672534
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:mqmIsQm31zyKigisqOZMrzeCtQrHs/KXYHo5n9:S/ifFWCtQrHFJ
                                                                                                                                                                                                  MD5:6026F4719045033EFD7EC6127ED6370C
                                                                                                                                                                                                  SHA1:E77E63753E2E39A220DECBB07454878DC8DEA427
                                                                                                                                                                                                  SHA-256:4FD8C460B0BB0A976D5E01275BA0AFDEF02FFBFF760CD2CD2981EA6E3FC045E5
                                                                                                                                                                                                  SHA-512:A169D19871433F423FD8A53CBB256DD01D5200D7622C96BE4A65695187B77AC610A82BC5E75FEE7A7779FFC0FFAA67F0362EEAD5EBA028EE15E987EDB928EC62
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14004
                                                                                                                                                                                                  Entropy (8bit):5.037159328058129
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:SrNYrOXburxrs4rsFm1DLTryOibEYI3WSOZzxrsCrsRm1DLY7/ymu:KYXtBLDLTryLQ4ZllRDLs/ymu
                                                                                                                                                                                                  MD5:2528B26988213FE5C0EE9CE75ACC2935
                                                                                                                                                                                                  SHA1:D45F0A12E3E0DE6137AE389C7DD680295ADA2A68
                                                                                                                                                                                                  SHA-256:42E58027E502EDAE71B2065ED0A6AB057907C41124C220E54AB75EAA84B0B0E7
                                                                                                                                                                                                  SHA-512:F99295BD23D475D854DD872521F385568EDF28E4DB778F82A03F00FCD7061394A48D3C1644B5817FADFA31BDBCB53AD131ABDB6DD11F8E615020C26A1A970F72
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:This software includes the following third party libraries/code portions:.. - libcurl, which is covered by the following license:..COPYRIGHT AND PERMISSION NOTICE..Copyright (c) 1996 - 2012, Daniel Stenberg, <daniel@haxx.se>...All rights reserved...Permission to use, copy, modify, and distribute this software for any purpose.with or without fee is hereby granted, provided that the above copyright.notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN.NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR.OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE.OR OTHER DEALINGS IN THE SOFTWARE...Except as contained in this notice, the name of a copyright
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6
                                                                                                                                                                                                  Entropy (8bit):2.2516291673878226
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SWhv:SW5
                                                                                                                                                                                                  MD5:0589F66713BC44029A1A720B9A0D850D
                                                                                                                                                                                                  SHA1:2FDF7D04F0372055C9D77CA43D9A3C08798905F3
                                                                                                                                                                                                  SHA-256:64D23F858EF51B0F996E4966D4E27C0371B437E2D2787890B1F7AD22D4EC5663
                                                                                                                                                                                                  SHA-512:31B29544FC93EAC2109CD1E4A617B5D5CB361C0BA608A954E873A64648E93DD65C7B4AED7F4B687F85C47E9909852FEC93B224D929BABDE1E0145A58DEA33634
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:1.3.0.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):223398304
                                                                                                                                                                                                  Entropy (8bit):6.694033457487399
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1572864:edI8YpGrhSc2ICUvHkTZe8yPFIrDFX9IaEvozr4kZiG3pDBpvBFvcW3IFADrgkAk:LXczMZraIfd153kmkudkRop
                                                                                                                                                                                                  MD5:EC101D58BA5B650EB3BECBA59DF88948
                                                                                                                                                                                                  SHA1:CA194DAB14CC3BE542C7DAFF81F8D8635BDF4454
                                                                                                                                                                                                  SHA-256:8B7A253E2A417EFCB665D451D145A0083BB365174C3CED3DB947D07BFC4729EB
                                                                                                                                                                                                  SHA-512:1CF5B10C05BF3D135194D22011940732BAB8830E806F1B116D8544B0640210B82D9FFD1A9769CE6747B6F8396144FA5777BF4978E3C2B8DE1CB67356452CB944
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1471
                                                                                                                                                                                                  Entropy (8bit):7.60292803857349
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:+iCNV9ue/BbGNo7H6lah8keReriJ8gLIcO5v4Duvw5HjgTa/5//RlhQc76Noijqp:+iCHMepSN078kfipLIckwFj8a/dRlhQa
                                                                                                                                                                                                  MD5:356A1EB1B67C9594AD6792B71C66D794
                                                                                                                                                                                                  SHA1:9E90D39021EB8DADEBA699AF80353FF73EC64646
                                                                                                                                                                                                  SHA-256:20B89E3E54F87BD4C3FDDD2F7195EBA41AA101B9E873A73FED091A6134517EB2
                                                                                                                                                                                                  SHA-512:CC1D4059F0FBCD203A80347E258A045B9169AC33F060ED2BE01F4B792AE2DED661A14DD533CF4E6CDAD25932529AA4095A78EFA1FD327A49C04878926B853859
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2019744
                                                                                                                                                                                                  Entropy (8bit):6.456166206988825
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:4nTUn+xuNvmBCj9oEW7ENs/FuLHFCtiAuvJqqc1KqIhij:MUnpMCj9oEWINuFwYZu81Kq3j
                                                                                                                                                                                                  MD5:26DF88B2E68E23B60C0EEAB3E29496BB
                                                                                                                                                                                                  SHA1:A4C4143F1C77152AE630095349CB3B5721540A0D
                                                                                                                                                                                                  SHA-256:8150D0716C91ED7009589FBE83A5838A28DE2E54670316E03F67C41C8372E7C5
                                                                                                                                                                                                  SHA-512:8EE65F98BEDF0EAA383FCE64E97361B59F171168CE4966A02D4338340F9AEA5910ED7251D4F417AB4F061FFF7E67DEBF9EA1DFB6214A6C1A53F81DC121AF867F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1220512
                                                                                                                                                                                                  Entropy (8bit):6.448142824604581
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:pODpjhQ4p3rzwkhsvAz4o99GSmGqccp3TMmwU587MPs4z7oM5WQ:4hQ4l/w8o2YSmGZcNkU5MMR7tWQ
                                                                                                                                                                                                  MD5:1E518D559ABEC131353B1FB63EAB2D8D
                                                                                                                                                                                                  SHA1:C59E194D5DDCEEE80C22D3AAD69C274657D6C5F5
                                                                                                                                                                                                  SHA-256:538C4D89D3C913274C7E1BCEECD258C5655060777C51517A64906BA44D086527
                                                                                                                                                                                                  SHA-512:ED70751D3EDD24BD6E52B8A46A669FC75DA1B96245AAB9832337725E935634BF38791FF75F50FB77BD26B5689C841AE2E6E11101AABEF2078835987A22D3FAB0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2231200
                                                                                                                                                                                                  Entropy (8bit):6.6542683351838265
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:2iuC/Os/yq4JYFuP57uMgph4UtmDnPPb98dilWN+cBzCUBhVBigOkzM4SepS8aBv:2iuC/fR4JYFuPVo4TnPm11QgfoeyN
                                                                                                                                                                                                  MD5:706FE814240C22A6CB09FBF48CB86020
                                                                                                                                                                                                  SHA1:B0DEECB9F27A558982E76D122CE626C531078173
                                                                                                                                                                                                  SHA-256:5CAE37D83EEB427AAA0DC7EEFDB71F75B069F1A5502D5FC08C08DEC1237483A1
                                                                                                                                                                                                  SHA-512:391D8704B6B7C3A789B1AE2208FFF2935DEDD66594A6CAE1CD4B3C0E666F59DE58E83340A6AABFB828DDBBB0B51A39C3A5950CE3FA20D21611508F76F5C2D530
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.286080774872623
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:kfU8lE64vL97BnB/uBqKRxWo1suMbXWGG8Q:Q4vBFWx88B
                                                                                                                                                                                                  MD5:91A97B1678EA6F166A6ADF4370BEC2E6
                                                                                                                                                                                                  SHA1:2D4B52234F490887463B75DB53983F7133C6E46A
                                                                                                                                                                                                  SHA-256:1AC6DBE3F6EE18BAA94EF8660B41528F7B8EF79148BC7B58C21485B85476A9A9
                                                                                                                                                                                                  SHA-512:9D0855444968B4F4A777CE690776EAB00BF0DAA6AFD01B52BE96DFF2305572C133E1141FC79C07BC8DD4C739EC330813A7A737D7A7BAECEB46EBC35D33AB834A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):4.560345262666608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:Xg2aJpCnnYdmnnnnnL5S1Mk/UUUUAODLMRtJ178FNffwuGN7lOzQOnA+zzzzzzzf:X4Ra5S1M2UUUUxL6AfqUg+zzzzzzzM3s
                                                                                                                                                                                                  MD5:74FDAC19593602B8D25A5E2FDB9C3051
                                                                                                                                                                                                  SHA1:81DB52E9AD1BE5946DFFA3C89F5302633A7698D2
                                                                                                                                                                                                  SHA-256:F06EBEF0B912B94D7E0AF3915F2A6B6B64F74CB60BC8AAA1104C874761A0DEE6
                                                                                                                                                                                                  SHA-512:8FFB507E46C99F1FEDE3F12C14998CD41AFA8CFC5C815756343041F1BEF6FAF7BA4429CEBEB87B0FB807D911F5516D235D5F893E519576B1FB675D25D025C21B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17542
                                                                                                                                                                                                  Entropy (8bit):2.247918084411713
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9dLhJ6/f2dh+xQLeZ10TLwhwOHae6nmErcglsIZS3F:3jaOdhQQu0TLwaOHEr6IZ
                                                                                                                                                                                                  MD5:CA6619B86C2F6E6068B69BA3AADDB7E4
                                                                                                                                                                                                  SHA1:C44A1BB9D14385334EB851FBB0AFB19D961C1EE7
                                                                                                                                                                                                  SHA-256:17D02E2DB6DBEDB95DD449D06868C147AC2C3B5371497BCB9407E75336A99E09
                                                                                                                                                                                                  SHA-512:30F8F8618BFBCD57925411E6860A10B6AD9A60F2A6B08D35C870EA3F4CEC4692596A937FF1457CEFF5847D5DA2B86CEBA0200706625E28C56A2455E6A8C121D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):3.17081824784348
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:Rf/uA/659Q444gqiz40zVKir4YiqT9944bUq4k4bUq49k44bUq4pa2q4CTGhUIcG:RuLKOUVKiNiYWS3hW2QK2IaqWI5
                                                                                                                                                                                                  MD5:64AD26B9B9D8E4DA8CD564FE4843E65F
                                                                                                                                                                                                  SHA1:9D1D05134F36EBA77ED18F725BC0CA2121FA2686
                                                                                                                                                                                                  SHA-256:E5DCCC694E7F34DAF334B3A48B68DA450D5B34FE8A4E06842D864E99F400770A
                                                                                                                                                                                                  SHA-512:5F77BF6EC0D46C99E02A268E63587C9CD552B61FDB55ECE3955B50CC470EC103B06B2360EDA86BD49AA45458E1885F7A4E8256DA7B47DC8B8B343BCEF5CDCEA1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                                  Entropy (8bit):2.6549496934735806
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:jjXowmb64P5OOhw4SLGepPIOV+ZCreBKWoxBRAZLSFEnZIi:HYw85Of4SppQsaIJaRI
                                                                                                                                                                                                  MD5:0342F103B6960E1565D24EABD5A6079D
                                                                                                                                                                                                  SHA1:7C6C7EF5E86A83BC7FD75729BD641244CFFC8CB4
                                                                                                                                                                                                  SHA-256:F92DC912529EB9D75655DC9C41557D2AF532425D1A6C8BAFB0879109C850F955
                                                                                                                                                                                                  SHA-512:E37D8445CE9E0AE80E1519A11831075994F1F3255A85E8883F1CC171204DD3A4CC9560655E54F1AA27B4602A44B1FB4711AE352942319D6F0714F17AB48EB2D4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                                  Entropy (8bit):2.1885512297205745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:WzjWBglIZ/GjtT33fW57FL0ZyeaCRZi+/vL:Wzw/U/W579AXpL
                                                                                                                                                                                                  MD5:2C40ED190AA02EB3A2CDC38B89F4458D
                                                                                                                                                                                                  SHA1:F6E1F3E63098CCB207CBCF5127B7619AD294A4E2
                                                                                                                                                                                                  SHA-256:FB15A61B133EC3333B377B947059550EC69304F0F9DA6FB333A54048F3E04E5D
                                                                                                                                                                                                  SHA-512:1068EE61996222DCCD50C007BDC4A99D83DCC928E22AE845D27419952854A21B716878815FDA5747B75F1226DBC478F67AD9FCF177F80E326695D603B7FE7FAE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.2795862597625223
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:E9fPpk2cvduCWCiNSvjayBnHhtg4tlyQtaPkhb8GAoYFbKtgZaI5zQh6zKUtGUNQ:kfWFuCWq7BnB/iQ4PkhgDF+CZaRGG8Q
                                                                                                                                                                                                  MD5:93E4504D4C585CFDA1979B37E75FE39A
                                                                                                                                                                                                  SHA1:5D4296F36E878B263C5DA6AD8ABD6174E4DFF5D8
                                                                                                                                                                                                  SHA-256:69AAAB4B888C83B3F77D524313F9383D9EDAA73E4AF111A7A637E9F84A1609D7
                                                                                                                                                                                                  SHA-512:072638BEE318F5E15AF53CF3F9EFD9156AA4836C40E8FB5F1F856706331CB11B528DFEBE8E88713FC7146FEFB1E66A614CFF2F4E87676D886D2F09D945CBD1A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):5.6318458632047665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:seB1UfVV/JYEQVg9Dpe/IV/OdBE0pVPU2rBvZjkLcH6bfid:s21U9VxqKDpeK7kVPU2rFicc6
                                                                                                                                                                                                  MD5:9796ED786D95606D51BE9DAB54FB5350
                                                                                                                                                                                                  SHA1:6EE48A6F912384D8F9CCE8BF7931BED779DC1D9D
                                                                                                                                                                                                  SHA-256:74368197CB53191E522E3A73AAB974D53EAE8E38DA694A1ED2CFA06F39176E58
                                                                                                                                                                                                  SHA-512:E9D14BA4486E73AB0FBB30F0C505E8AB2D8D5F55A3F87EC33AAE994F3B796EA415564136E70812B6ED09595D1BEAB345FEE1B7199694CE3F12118307065330D1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4286
                                                                                                                                                                                                  Entropy (8bit):5.1032077050059135
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ylfbtHfEtPy/n3qq6kb57gg6AeOmm86JAAUw4HhcNh5VDc7D/:ypFs8BgxOmmH1Uw4EhvDi/
                                                                                                                                                                                                  MD5:BD5865B6A3787241931895B562D1AAF9
                                                                                                                                                                                                  SHA1:AB4636F3D534E11F8FCFDEA8A5070CD5D203F9C5
                                                                                                                                                                                                  SHA-256:A81AD17502B90A50BB491911F35D44BEF0A855BDA2F9BFCD7D98868AD0678718
                                                                                                                                                                                                  SHA-512:247766FE6585C0E965E7861AEDC48511CF825812B4C72345CB6FDBB148C3ED6A654C70D216187B4095770FB3BE1B5A18CD5A7289F5EE3BE0E6D01CB2AA12F40A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):4.0366948059247445
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:XEywkS4AG1drr8UDamI7U6lppC8CtucAXg78YDgPrmM9RzTEXMbRFA/9V6/:X5LBTrrnaVppstut4Daiw/EXa
                                                                                                                                                                                                  MD5:3264B65E59E51CA4943AE076748BFCEC
                                                                                                                                                                                                  SHA1:59AD003192DB03CA1E089924955FDCE0E25D159D
                                                                                                                                                                                                  SHA-256:65944B9D2003DCB988A8E3E03D29074A8C142520431EFBA1CC115036A8072F47
                                                                                                                                                                                                  SHA-512:7D81E6EE46A4389274C11178CB8E4CCF04BAAF1EEAD91BA44F27D7AF0290C55F55FBA2E7EC9E72DECA58D5138BA13238DCFB0956974E82059FE5285994090192
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):2.867292544398476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:aRa8T7e6TkX4TLzYqQFTbondobmiSc/TRaRn4q9sldTu+R4mlyQRG/U0/2JBiEXs:8bDTVTlKvLRagLYmlyQR2aBiEXs
                                                                                                                                                                                                  MD5:7868D43BE5BE8978E247DA73B69A50AC
                                                                                                                                                                                                  SHA1:8F30676FF39D8A5DA69D2DCC624A6279FD323A13
                                                                                                                                                                                                  SHA-256:FA6C55B1C6F924242A2EE556859BB935A2427320AFC7D2C911AD4192727662A2
                                                                                                                                                                                                  SHA-512:52C174144A81B0218695FBB8F9152EEC917D914CD5DF2662A03706E161025FA962CDF4E952B42D990C254377B0B1A4B5B4B01AAF4E62AC6072847CE947252767
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                                  Entropy (8bit):2.1885512297205745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:WzjWBglIZ/GjtT33fW57FL0ZyeaCRZi+/vL:Wzw/U/W579AXpL
                                                                                                                                                                                                  MD5:2C40ED190AA02EB3A2CDC38B89F4458D
                                                                                                                                                                                                  SHA1:F6E1F3E63098CCB207CBCF5127B7619AD294A4E2
                                                                                                                                                                                                  SHA-256:FB15A61B133EC3333B377B947059550EC69304F0F9DA6FB333A54048F3E04E5D
                                                                                                                                                                                                  SHA-512:1068EE61996222DCCD50C007BDC4A99D83DCC928E22AE845D27419952854A21B716878815FDA5747B75F1226DBC478F67AD9FCF177F80E326695D603B7FE7FAE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):4.560345262666608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:Xg2aJpCnnYdmnnnnnL5S1Mk/UUUUAODLMRtJ178FNffwuGN7lOzQOnA+zzzzzzzf:X4Ra5S1M2UUUUxL6AfqUg+zzzzzzzM3s
                                                                                                                                                                                                  MD5:74FDAC19593602B8D25A5E2FDB9C3051
                                                                                                                                                                                                  SHA1:81DB52E9AD1BE5946DFFA3C89F5302633A7698D2
                                                                                                                                                                                                  SHA-256:F06EBEF0B912B94D7E0AF3915F2A6B6B64F74CB60BC8AAA1104C874761A0DEE6
                                                                                                                                                                                                  SHA-512:8FFB507E46C99F1FEDE3F12C14998CD41AFA8CFC5C815756343041F1BEF6FAF7BA4429CEBEB87B0FB807D911F5516D235D5F893E519576B1FB675D25D025C21B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):6.638581632319262
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:r+jdxX5GMV+VhezSDogEXMJBpLwuHzcg5Q7XIBAgv/lN:ruBfkYSDzEXMrSuryilr
                                                                                                                                                                                                  MD5:15CC60C14626AE2549F3305C25B249F7
                                                                                                                                                                                                  SHA1:A5DB46CDB09B46FD644BE78D2E3B798AE1C3DAEE
                                                                                                                                                                                                  SHA-256:2D2E6EDAD6C27FD6BC79F2B02E15C1F8B227C1621536F902F065673FE03D0667
                                                                                                                                                                                                  SHA-512:75BC0B4C13D40C253B796FEF48AAF4F9BF8C5981B20D287E740AD9950CD95CBAB32456E57804A907D68475C8E0E2B174A4964C9014849B6A84EAB658052E6812
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6518
                                                                                                                                                                                                  Entropy (8bit):2.407909805152941
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:GyGuu/uu/uu/uu/uu/uu/uu7Z96wNYtmFoUaeqLC+QVclwHCx/fkjOYYxmrpIZM4:G6tT5wHuXkjOZaImFcOk
                                                                                                                                                                                                  MD5:5E5293480F2EE9B15767E01F4D5DBAF5
                                                                                                                                                                                                  SHA1:4AF378AE27C39DC0128EF2094A5E6B657ADB60B0
                                                                                                                                                                                                  SHA-256:87CFD63B77DA23BF2B7C342F666138C3C35CEC7F2AABD51618447913AEE97DA3
                                                                                                                                                                                                  SHA-512:3CDE31C1641B945BF1007AAE8468E815E29B1712AB877AAE2FE9C94A4AB3C1BF39F027A4FD113F962B466903E2550D52AD88E9AA5826BC66D96F43CA4AA8F3DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):1.6159828216175358
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:/tToyoOvySW1mLMB6yAHyyuyIyMByyMyCy+8Byyyuc7yyDByoBySyUyvyvywbsz:gOI/ysPh2/Tsz
                                                                                                                                                                                                  MD5:58605FAE7FE4E695F5FD358A7465565B
                                                                                                                                                                                                  SHA1:F47615D987B3F2D8FCE40DC93D55DEE71A78CDDC
                                                                                                                                                                                                  SHA-256:831CC92E9F60D151B3446E5125AF5A8C45E613636D384324179AE565DFEC08FC
                                                                                                                                                                                                  SHA-512:C045AC34FC39BBF1D7B108EB85165C57E551B47239D8A6515F7EC843C2AAE0CAEDA9E3E1CB919F1AED2FF9F98FF8D34934ED961ECEBCA1413A1FCBDA4F09343F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):4.994300674852024
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:QJTtCJ4Rge9BuHYjB2oOU7y5p3ygw1tXivSP3l3t:QJhK4R1Hu4N2o2j3DBm9
                                                                                                                                                                                                  MD5:D2F1F9CE53773F7F51412AFFFEE0D97A
                                                                                                                                                                                                  SHA1:748398747AAA25473BBB58353FCBCCB424E78849
                                                                                                                                                                                                  SHA-256:00764980C4713198CBCDF7BD6A657BBAFFE15AE3BAA4E09A8EF19F32606BB6F0
                                                                                                                                                                                                  SHA-512:010734637DCE084DBADD5C8D7A5ACC73FF262F37331AF4C9FD318310A12986917C647FFFFABF97C102C97A496D07CBF7F834DD358901D65DBC6CD77CD1F827D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.2795862597625223
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:E9fPpk2cvduCWCiNSvjayBnHhtg4tlyQtaPkhb8GAoYFbKtgZaI5zQh6zKUtGUNQ:kfWFuCWq7BnB/iQ4PkhgDF+CZaRGG8Q
                                                                                                                                                                                                  MD5:93E4504D4C585CFDA1979B37E75FE39A
                                                                                                                                                                                                  SHA1:5D4296F36E878B263C5DA6AD8ABD6174E4DFF5D8
                                                                                                                                                                                                  SHA-256:69AAAB4B888C83B3F77D524313F9383D9EDAA73E4AF111A7A637E9F84A1609D7
                                                                                                                                                                                                  SHA-512:072638BEE318F5E15AF53CF3F9EFD9156AA4836C40E8FB5F1F856706331CB11B528DFEBE8E88713FC7146FEFB1E66A614CFF2F4E87676D886D2F09D945CBD1A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.2795862597625223
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:E9fPpk2cvduCWCiNSvjayBnHhtg4tlyQtaPkhb8GAoYFbKtgZaI5zQh6zKUtGUNQ:kfWFuCWq7BnB/iQ4PkhgDF+CZaRGG8Q
                                                                                                                                                                                                  MD5:93E4504D4C585CFDA1979B37E75FE39A
                                                                                                                                                                                                  SHA1:5D4296F36E878B263C5DA6AD8ABD6174E4DFF5D8
                                                                                                                                                                                                  SHA-256:69AAAB4B888C83B3F77D524313F9383D9EDAA73E4AF111A7A637E9F84A1609D7
                                                                                                                                                                                                  SHA-512:072638BEE318F5E15AF53CF3F9EFD9156AA4836C40E8FB5F1F856706331CB11B528DFEBE8E88713FC7146FEFB1E66A614CFF2F4E87676D886D2F09D945CBD1A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 6 icons, 16x16, 2 colors, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34686
                                                                                                                                                                                                  Entropy (8bit):1.1787188557524333
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ENq56QHucrYU+uLvYnF+y8JJ34uRzDXojiYjgHLZ4c2kFSAfhGVVwVv7BABQ3jIz:QFcvRxl4TjMFSA5G0BABX0NB90gQBtBZ
                                                                                                                                                                                                  MD5:5337074698C608F4996D7F6AC571DBB9
                                                                                                                                                                                                  SHA1:66CB3910242DDA40A4E17C76FDC73829C8DB99BD
                                                                                                                                                                                                  SHA-256:B3C8A7AA2BC429AA15A764574D7C7D54F2672628DFF75CA830A5DB4CBC878B3D
                                                                                                                                                                                                  SHA-512:D48AF3344304FFE613511529C227F0CDE3443C6409F14058D3E381754D6FE9295B71332840BBE8D55EFE40C893AB0513B15C70EC36008844508BA4FCC8E492DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 8 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5686
                                                                                                                                                                                                  Entropy (8bit):3.499087745233182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:DU/TAAAAg50UqaoAQsOcRtzXoX6UDQU0U/F:grAAAALfaoAQxozXoNF
                                                                                                                                                                                                  MD5:CAE06CD4B5B7BE327CCB00A6DD6F588C
                                                                                                                                                                                                  SHA1:91AB18740E8C44D89F0C66485DEE5E616999921B
                                                                                                                                                                                                  SHA-256:0031AC87D8B67D608BF586EE097204782580EE645891C5D3D05591AE00F47953
                                                                                                                                                                                                  SHA-512:AD0DEEB131E9D78A58E0C61F0433F06332F0116129EA55F16739FF2C6A3767F5082500152B98273140296B8A8F1A7CAF984289AF5D562969B2515143E75E48B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                                  Entropy (8bit):2.6549496934735806
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:jjXowmb64P5OOhw4SLGepPIOV+ZCreBKWoxBRAZLSFEnZIi:HYw85Of4SppQsaIJaRI
                                                                                                                                                                                                  MD5:0342F103B6960E1565D24EABD5A6079D
                                                                                                                                                                                                  SHA1:7C6C7EF5E86A83BC7FD75729BD641244CFFC8CB4
                                                                                                                                                                                                  SHA-256:F92DC912529EB9D75655DC9C41557D2AF532425D1A6C8BAFB0879109C850F955
                                                                                                                                                                                                  SHA-512:E37D8445CE9E0AE80E1519A11831075994F1F3255A85E8883F1CC171204DD3A4CC9560655E54F1AA27B4602A44B1FB4711AE352942319D6F0714F17AB48EB2D4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):2.5312914343989297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:wiamjx12wm3v23BJ37IE0K4cDm6H/HGtaYiBn:wi5xYlO3BJrv0pyxD
                                                                                                                                                                                                  MD5:192A42730EEA5A6A3238F50285F01010
                                                                                                                                                                                                  SHA1:28FC94448C726E0D62375942866A1FAFC916F61A
                                                                                                                                                                                                  SHA-256:4515919BA9C8A1AE19DEAE230F2FDFBB94DE5C29753DC3FB7C2A877B474F4F0F
                                                                                                                                                                                                  SHA-512:B680B643CC66B7687108C34ADBE80996851A5B24BEAE2E7EA58C8C8AB86D4900DF12D5A4E8380186A53D7A46F923B6A4D7DB46555C5BCB0F90021DDA10D4568A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):4.560345262666608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:Xg2aJpCnnYdmnnnnnL5S1Mk/UUUUAODLMRtJ178FNffwuGN7lOzQOnA+zzzzzzzf:X4Ra5S1M2UUUUxL6AfqUg+zzzzzzzM3s
                                                                                                                                                                                                  MD5:74FDAC19593602B8D25A5E2FDB9C3051
                                                                                                                                                                                                  SHA1:81DB52E9AD1BE5946DFFA3C89F5302633A7698D2
                                                                                                                                                                                                  SHA-256:F06EBEF0B912B94D7E0AF3915F2A6B6B64F74CB60BC8AAA1104C874761A0DEE6
                                                                                                                                                                                                  SHA-512:8FFB507E46C99F1FEDE3F12C14998CD41AFA8CFC5C815756343041F1BEF6FAF7BA4429CEBEB87B0FB807D911F5516D235D5F893E519576B1FB675D25D025C21B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.6877369236023396
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1sBM4boY8LQhIjtT25y1X82YDb+v/TcYMdILyMh6QpdG8Q:Gi3H/jR25y1MRbSrXMadhPpEB
                                                                                                                                                                                                  MD5:4CA6A47462D19D539F9A32B702B10177
                                                                                                                                                                                                  SHA1:1F53B02309B901C8E7CC20F8640187F4F185F393
                                                                                                                                                                                                  SHA-256:1BACA3300AEA9840985CFBFBAF1622BE00922BA193168C1FC4246BDB8898F217
                                                                                                                                                                                                  SHA-512:E08A0013A7D8664CBBD88EAA1235A27704DBB4BD13D849D45B3A529F7373844D67C11A2B13881823EF6586840980B670C8FB278CF220D1093976CD00148CA2B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                  Entropy (8bit):3.9160268464631507
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:DCA7VYhkLd2lrgxafa5l5ayJsPMcyEwmM7Zo72JOU1nMOkaWLSDuvw4/lMl:eMYhkcKaf0SyGPvyEM1o6FQao9v7tMl
                                                                                                                                                                                                  MD5:72460DF2C3C16ED7FFFA3988F5E86CBA
                                                                                                                                                                                                  SHA1:B17DACC408D124A0AEF2650A92F3C0AB2F9D4F54
                                                                                                                                                                                                  SHA-256:8D2A443307CEBA1D996D0DDAF5FCE63B838B5DAFA6F09AAEFF2D83127F38DE01
                                                                                                                                                                                                  SHA-512:516720411D964823FD88A63BB1B0AD49F8A98BEE03D13CCDF23EB5775C8B4A02E743D099A481573C02B311B27E447F646DEEA5AEB6066FABF38EFFE96E712876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2561
                                                                                                                                                                                                  Entropy (8bit):4.511287976109681
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:y4ktq43DntwhkNLyxnt2toyNntSGyNntiSyDntz1n:L/uDnKhkNLyxnI6yNngGyNnESyDn51n
                                                                                                                                                                                                  MD5:1A9CD4E4812B2D130CA45228BCB33700
                                                                                                                                                                                                  SHA1:10A4DA3CDBE3320CA8DE96C810AF22576333B2F0
                                                                                                                                                                                                  SHA-256:C42F8D9E12DB61B769D6D8D345CECD6668EC4847C80A107910BBF87530223C32
                                                                                                                                                                                                  SHA-512:FF13EBB69177190393F62528216F05170BD68A2E2A3CA511DDD92E40ACABABDB5CC002FB546ED8451FD952F1FF2FD4A6C93658DF3FCE987D7193B1F1D9615CC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// tQtPYzJXnVa9SzjE0kXvU4xD/vLOQ3hg9wx9hzaCwIr7vvWyxsfKcoeBDzRhH32rMbTc8JdyS136pCaw/VzcEkpqwBXdOAhorEbiIX/gdISGtTN+l0c0xcOi4TVRtVh9eZ0PXwx9DhHn9UNOg9blF6mFcTxEWtnio8SP17o7RjmUzXyw7Vgxkq05I6iDTeLJYSIa9Ioe5a78EoKeWmPNX6Q/1/5Ga55FcZ+O44k9Fvbneuw1z17PhBMhe7zD+4dW6t38GaYX4wFVaVuiI34KLCjpUi6X+nsjkYjbhxuLAHVZyMZhYjgin24+CN/nRM8ohfN2U7ZCthbfHT71KSQI2g==.{. "version": 2023102301,. "tests": [. {. "name": "DNA-93212-ru",. "total_test_percentage": 20,. "country": "ru",. "test_state": 1,. "test_groups" : [. {. "name": "DNA-93212-test-ru",. "preferences": {. "gx.show-yandex-in-mid-profile" : true. }. },. {. "name": "DNA-93212-ref-ru",. "preferences": {. "gx.show-yandex-in-mid-profile" : false. }. }. ]. },. {. "name": "DNA-99214_GXCTest10",. "total_test_percentage": 10,. "test_state": 1,. "test_groups" : [. {. "name": "GXC
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):696
                                                                                                                                                                                                  Entropy (8bit):5.5212029392751605
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:jGbJ98W8yXRZFji4l8Cg5eAWNeDUpzDl0w3guGs5w4d8QT:bW8yXVFWx5QNr70+Asi4d8QT
                                                                                                                                                                                                  MD5:A57F6FF749977E20CB51141D94BF0188
                                                                                                                                                                                                  SHA1:E5C47419036365F7BD8B4AC3CEDE333268D312DD
                                                                                                                                                                                                  SHA-256:86F89B4CC2CB0C835E543C0F6D327432E3593C42C303CC6A4C57B28652DD9199
                                                                                                                                                                                                  SHA-512:EAE1D63EC5D33E56690C80697B630D8F8600CC86539F4D5C7935CCA096BB0656352E4300F2D2338FC0AA8FC5C70676CDAF5C5EA346FA3293C8F67B4E6C15B3DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// F7n3Sy/IGmzReATRzTK63iFOUytSjLBn7i6IzCDmG2oYcMh/i4+7dDN2+duv0z2/mT17AIM4I6bzJLLlCisaJwhnLYpfUBxV0xfgvqpl8+uy1/4XJ9OcA8r9+0tW9IGuF7oeolZnD9XaLAnkIaCJ6P6AeXnhOMXmHZwL+1IELm3Vdr26IHMFggBOWxcbcW+4cBGvIXeZFR8UuAG2cruv5MtJe34/ZwhLdh1MZVSVEvmh1PONPhw1z6Divsdn54EFW7Lx5Mi5E48pPrTD1VWbxz2y9exetRjsvXMEs+dkZ7vIhLV4RUKbNOOaraJ89+ITdJw2euMU9FXVyxzsncBI1A==.{."version": 1,."list": [. {. "url": "https://medium.com",. "short_name": "medium_custom",. "countries": [. "fr",. "pl",. "no". ]. },. {. "url": "https://youtube.com". },. {. "url": "https://redir.opera.com/amazon/",. "short_name": "Amazon". }.].}.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:C source, ASCII text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22353
                                                                                                                                                                                                  Entropy (8bit):4.084825970683737
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:lwYMZFMYgbgAGbgQVT94o1gGdFhyi/SeFpsAycZNnIy7ahSOg57maDLmLELeSCyl:6MZUdgGdFhUO
                                                                                                                                                                                                  MD5:DF1A04DA30E0B88B9CFE8918C832BB6D
                                                                                                                                                                                                  SHA1:9D07A99E6EFA22FF4107EC01BF664939F3A6FCDC
                                                                                                                                                                                                  SHA-256:A53187E2863A1183A86939230B77CB40C05940C35469A8E855EEDCA55377E5BB
                                                                                                                                                                                                  SHA-512:E328A474DCA5D59E304AE7C6A1069A221DE2023C310C140C488CDE536EBF182AC3AD47A1E6689C5E5F8F3DFC712D1F823CE6524FE037B9268A3CD8E3D0ECB5F4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// QDZIV7kmNLFZgRELAVJ4Npq5/hyhUXjTxGn2/2o0SsLUM77EXaxAuJZqQ1Mdw+aU8SKvwkSDNmeZRw+Y2asSEmnZG0HOqIMgmSfu6zHN2h0GY3CUdgtIm3LQUaU62NOFOOGcp0TnowAvMQidWXc9t4H4zDprkArVTz9cZvdVSMmkI/1lSQqFeI272KGS7W3ELlu/GROyeOfa+yv+DUmcVSt9Pw4fHkOVVgGR92BL2uV7jWANQ/AJHlVK+1z54Y/04wBZNA0w8sJU1Yu2g12hwQ7ZCwAiMOFfjm1ZhznUCtQYgEJDoXsFQrdGywrZjZQkidlO+Op7u32m2GbP51mYxg==./**. ** Copyright (C) 2023 Opera Norway AS. All rights reserved.. **. ** This file is part of the Opera web browser.. **. ** This script patches sites to work better with Opera. ** For more information see http://www.opera.com/docs/browserjs/. **. ** If you have comments on these patches (for example if you are the webmaster. ** and want to inform us about a fixed site that no longer needs patching). ** please report issues through the bug tracking system. ** https://bugs.opera.com/. **. ** DO NOT EDIT THIS FILE! It will not be used by Opera if edited.. **. ** BROWSERJS_TIMESTAMP = '202312111442'; // for versioning; see DNA-54964. **/..'use str
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3079)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):176599
                                                                                                                                                                                                  Entropy (8bit):6.075727372912163
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:hVVPEisdWI/yfiDu5YVdy9VyBh8xplu1/3XxZWfCcL3su3YRHLfLPLIzELzmBqK:XfiDu5YVdy9VyBh8xplu1/nf7HbzczEi
                                                                                                                                                                                                  MD5:A162EAB85D75BF2BCFA75C55006FAD81
                                                                                                                                                                                                  SHA1:BBF0FC057A13BB83EFB2EC34A26074A4A3A274F0
                                                                                                                                                                                                  SHA-256:FB4B41F69E1654CB6C9F23391DA77CAE4420EBDDA52364BAC669DBD8A066211F
                                                                                                                                                                                                  SHA-512:86FE37B6E9195555B1B35685B55B856F8E0E8B6CECB8E8640B6A40C705266283BDA4DFB8D3E6CF2DE50CD4EFF41E167DF2712D0996F781C3D9F6282A9A2D9F5D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// BfLmK3tVcIpY51J5MKykgiQE54C1mA8T+ydgVpHAMpmAG5OlG8gIwjuZSJAyaMCm0/5f2JmyfStIa7tLjTUUdIUtdsSzEDLVxH4D2nTfDlKMz06HEG9cKpRuu/iwovPG5IyU5ozwMFQcaf5A0AiZEf2si7h6rm7sW2hH8y5Qtiq3lwont5S/bg9u5xxZYQiEVU24OXB1Atlb0NT3YX9uutVmq/v0Zzf3+aObiuUqCxwd9t9sMVRpZjF25UypZhD5XSI+P4V6vSWOIwgj9sCVgUvbtOroWmOYwZK5F3bqtBd+aaJbG3tgxSdR8bqeX5YYStRHSshuqodtjukjCLyIeA==.{. "version": 9,. "partners": [. {. "partner_id": "aboutyou_at",. "partner_domain": "aboutyou.at",. "product_url_pattern": "\/p\/.*",. "product_history_pattern": "\"aboutyou.at/p/\"",. "partner_icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAAAclBMVEUAAAD////4+PgYGBikpKQmJiYLCwvi4uLb29tLS0v09PTp6emCgoJra2tcXFxJSUnr6+vJycmKioo6OjojIyP8/PxfX1/6+vrMzMyamprf39/S0tLR0dG9vb28vLxDQ0MfHx8aGhrd3d2GhoZ3d3dFRUWvj4E8AAABVklEQVRIx+1VV5bDIAy0wcbg3kt62b3/FTeUZ+EW7Yt/M5/SSIyEEM4Xn4L5lRCVz/7Hpq13jEJCwujotRSl1yVv3BENL+v3/OThzsCTd2o84i5AvE1dt/NIyoMgH4PPt438F8Mu4syn1M/iwsRc1s/wtLdP2dje1JTkrdbbqfSDne0a6IBupf
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:idUTvr+x0E4H3CAHkd0OhPVVUCs4dxemFiG7V76d5vQVUCaxU:iKTHhySkuz/G65v1y
                                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:{ "version": 32, "partner_id": "std-1", "user_agent": "std-1", "search_engines": { "location": { "ad": { "other": { "list": [ "google_com", "yahoo", "duckduckgo", "amazon", "bing_attributed_ysrcunow", "wiki" ], "speed_dial_index_list": [0] } }, "al": { "other": { "list": [ "google_com", "yahoo", "duckduckgo", "amazon", "bing_attributed_ysrcunow", "wiki" ], "speed_dial_index_list": [0]
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):72163
                                                                                                                                                                                                  Entropy (8bit):4.601891206052405
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:sgypXfnu++bTNwGeJdhnagcsBVG/oggB1PqMvYv9Jq6AaR8PgwKsbtx2301bf1Ew:6
                                                                                                                                                                                                  MD5:9DA90B26455525B2331FB64ABD1B0D60
                                                                                                                                                                                                  SHA1:592BB5CFCC9DF4126BEE2AC5464703D180789AC3
                                                                                                                                                                                                  SHA-256:924BD0C85221070ADAA23138C911C55AB29D84279782FE937D1E70407CC22C66
                                                                                                                                                                                                  SHA-512:D058B76007FD7568E23E351C96E8F34AF639D30DC0633052CBE8A094598E3F74D90E81DAE9EAA5AD96988F3CC2157A249927F0D015104666449C5D116E256CFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:{ "daily_wallpapers_schedule": [ { "wallpaper_id": "mods/kaandijoelepfajcbaglpnacgmebonpc/smart_wallpaper", "start_date": "2023/9/4", "end_date": "2023/9/5" }, { "wallpaper_id": "mods/anlamljaonmlkmfaipamolamdpjobldl/smart_wallpaper", "start_date": "2023/9/5", "end_date": "2023/9/6" }, { "wallpaper_id": "mods/eaahgnceaiheanheajmiojafolhdfbih/smart_wallpaper", "start_date": "2023/9/6", "end_date": "2023/9/7" }, { "wallpaper_id": "mods/dafbhaiokkmgdlcpiblejdpgcnipgljh/smart_wallpaper", "start_date": "2023/9/7", "end_date": "2023/9/8" }, { "wallpaper_id": "mods/jpghigceifbjmaommcoeheogkbphlanb/smart_wallpaper", "start_date": "2023/9/8", "end_date": "2023/9/9" }, { "wallpaper_id": "mods/eggjmmfhnmejmopboifholjgiekialgf/smart_wallpaper", "start_date": "2023/9/9", "end_date": "2023/9/10" }, { "wallpaper_id": "mods/naabgogikghh
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (7765)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):253301
                                                                                                                                                                                                  Entropy (8bit):6.035774365318968
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:Sm3irEaq+nSpKS1d/ttUYD6W6Z2NrwYrVZCs0iUCabiKfAu/wX2OCy:iEe+1btUYOnkrPVZCCUCabNU
                                                                                                                                                                                                  MD5:0260798466651B04FA86B173C70FE4F1
                                                                                                                                                                                                  SHA1:537ADACA993544B673D17EAE5995AA192BE86429
                                                                                                                                                                                                  SHA-256:12C7EC453F4EAEB9B18516021C58B71104ACEAB630379FB59CD35A754FEA908A
                                                                                                                                                                                                  SHA-512:6C4C7EA7EC06169B99347134E0BAD706E0776E679D18FE61A597CEBD7D9BB1324B5FC81353E54ED4272A6B5F7AE64BE9823CF7D3D7F59C581C214F6B6DE9525A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:{ "version": 121, "search_engines": { "location": { "ad": { "other": { "list": [ "google_com", "yahoo", "duckduckgo", "amazon", "bing_attributed", "wiki" ], "speed_dial_index_list": [0] } }, "al": { "other": { "list": [ "google_com", "yahoo", "duckduckgo", "amazon", "bing_attributed", "wiki" ], "speed_dial_index_list": [0] } }, "at": { "other": { "list": [
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):801
                                                                                                                                                                                                  Entropy (8bit):5.495629414250427
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:+Y01zxc7Un9fG0M/MBh3ILSXaiSmAXSqA/Cj8:j2NkUtG5/cnXazmACjCj8
                                                                                                                                                                                                  MD5:4F98A7320537B24179D9860246E2D840
                                                                                                                                                                                                  SHA1:B727FDB4D25AA07E02464EAB8DAAE4DC663ED298
                                                                                                                                                                                                  SHA-256:574421B40CF123844F55A0A72AD5EC0BC9DEA3C8D823F8B7EC065D7B7C346175
                                                                                                                                                                                                  SHA-512:3F6273688F25D375974A18E554339B7F3E2F0BCEE19F31E265DD6256C3514A23B4980D4F2182A69AD5ADA95A2CAD8F94AC04B510A26954392626EBD28F54E5B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:{ "providers": [ { "url": "https://cloudflare-dns.com/dns-query", "ipv4": [ "1.1.1.1", "1.0.0.1" ], "ipv6": [] }, { "url": "https://dns.google/dns-query", "ipv4": [ "8.8.8.8", "8.8.4.4" ], "ipv6": [] }, { "url": "https://dns.quad9.net/dns-query", "ipv4": [ "9.9.9.9", "149.112.112.112" ], "ipv6": [] } ] }
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):379486
                                                                                                                                                                                                  Entropy (8bit):4.977729585377959
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:gk3ohTiFtZe5LZ4N30hzVAOJ7t5FLymYLKpEc8YQQDxL0fff8IYxil:KiFtA52N3Qgmmb
                                                                                                                                                                                                  MD5:980611397C2A8223B35B7034493DC6ED
                                                                                                                                                                                                  SHA1:DC6651965B19CD98DBCCF2D47E5616AEF91D837F
                                                                                                                                                                                                  SHA-256:3E9BB5F46CF23BA5A261B51A24D39D820CFBECD2C6C6F4AA84ED24DCE3BB2BBF
                                                                                                                                                                                                  SHA-512:03E92FFC9166E3F852C94556B9EBF2EEBA2F5B9C72B7FB30FEEEBC41169F4E3777CCC6F2F2900AC50A28E9744C231B8BD792C01272E4F52F1BD07CDEFCF7DADC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:{ "*": { "bookmarkbar": [], "speeddials": [ { "favicon_url": "https://sd-images.operacdn.com/api/v1/images/46b911f451044a30c1aa38f062e1a4939605f09b.png", "name": "Twitch", "partner_id": "gx_twitch", "ping_url": "https://speeddials.opera.com/api/v2/ping/gx_twitch", "position": 1, "real_url": "https://www.twitch.tv/", "replaceable": false, "revision": "20190409", "thumbnail_url": "https://sd-images.operacdn.com/api/v1/images/20586137116208fbaa36984a3165942edf7daea0.png", "url": "https://www.twitch.tv/" }, { "favicon_url": "https://s
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):134754
                                                                                                                                                                                                  Entropy (8bit):3.912152746351969
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:HheiiOv/GKbJ0Srmhmvm4mxsmWy9IrjRR2UmIm8pNI170TZM2TRfdL82Bcj5d+SA:7cUw46YQbjD6YbW0LGEcE6x
                                                                                                                                                                                                  MD5:50B7EEA5800999F39B8C3D93AEBA6545
                                                                                                                                                                                                  SHA1:781B66FE6B6548CF39522E3661BD6A9ADE39456F
                                                                                                                                                                                                  SHA-256:239158E719514AC1205D1844643E24440D0833C0C7C64060AAFB6FE2378C63D4
                                                                                                                                                                                                  SHA-512:192CEA97EAE5C5148D4D5C1AC818CCB9C75F12119446BD772A9BDFC07975739A66558B580BA5B29FF47275B60DE099C954E82B91CC34DB683C63ECB42C671052
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:[ { "partnerKey": "etsy.com", "onfetch": "set-basket", "urlMask": "^https:\\/\\/www\\.etsy\\.com\\/[a-z]{1,4}\\/cart\\/[0-9]+\\/review.*", "recordSchema": { "partner": [ { "type": "value", "value": "etsy.com" } ], "locationUrl": [ { "type": "eval", "value": "location.href" } ], "cartTotalValue": [ { "type": "querySelector", "value": ".order-total-cost .currency-value", "property": "textContent", "postprocess": "pricevalue" } ], "cartTotalValueCurrency": [
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16336
                                                                                                                                                                                                  Entropy (8bit):4.096307138298755
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:l0z+fKK7cx9FEfFOvV/woaVvAg33wkPvvEyh8f2YfIMteve:lUzeAEdm/F6v733LBh8f2Fm
                                                                                                                                                                                                  MD5:7212B19C8997889F2345003AEEC5B4E4
                                                                                                                                                                                                  SHA1:1F7B1FBDF2B01815DB9E999C3E98A18D0E0E9DE4
                                                                                                                                                                                                  SHA-256:F52A688F927F81BB5F237A240C9F61FD80DE8284E5DE74A1C8CEE61E74EDA280
                                                                                                                                                                                                  SHA-512:33B5F7F5D8436B0E511E18935AE42F6F26001A14F08F440539F789CC0C66F3183C8AD36053C4BF080A5CD7C3AF97EC2A5A9E6A6BB460A3C27D11E37B7CA13262
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:{ "@version": "2.0", "timestamp": "202401081455", "firefox_ua": [ "youtubekids.com", "techtitute.com" ], "chrome_ua": [ "bankline.itau.com.br", "nowtv.it", "play.geforcenow.com", "act.hoyoverse.com", "stylein.com", "datadoghq-browser-agent.com", "track.capitaloneshopping.com", "cos-rd.com", "cdn.capitaloneshopping.com", "capitaloneshopping.com", "api.capitaloneshopping.com", "pixellu.com", "amica.com", "delta.com", "whiteboard.office.com", "school.novakidschool.com", "demodes
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (5243)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):46132
                                                                                                                                                                                                  Entropy (8bit):5.476429533205484
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kEzP3QpnVouOS/8pn4pNiO6btzP3QpnVjuOM/zpn4YNiOvv:kEzP3QpnDOS/8pn4pNROzP3QpnAOM/zn
                                                                                                                                                                                                  MD5:34CEDACC1C62313116216EA57A16683A
                                                                                                                                                                                                  SHA1:D627058E97DCAD8F0A8737DFE2FFA195D868E5E7
                                                                                                                                                                                                  SHA-256:F04CD2A8EC2686420E9A89C454C379C76B610BE2AD62E2F2F1A9641A9D9ED286
                                                                                                                                                                                                  SHA-512:FA9947AEFFBB687B4D0D632323BAD68E5E93572398FBDD5A7665E1530F3327BFA4307C4AC8AC035E423A667C322FBBF98CCA4995AB9B8EFEBBED99761D753D18
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// DJk2k3pkp9cay3NljwD03+GA6BPihyqZAPyGTt49ivHi9iZ6PCltyC1kZ47WPQmo7WuEhxdSZaZN7uE+VJdTrnfzgcTe4Nz9SU60AUeW3rV7dLOmyQuCm6HExT8VxWHux47vXFsehnQYT8kx56qh1FwN96iY0bsNMLnuo4JA2Hdobl43moGSrTi/eIGdTpA6pq1oHaQgMA8tu6ztgOuMXrE85Qkl8WGanStebuBLdRfGlBkLVG8IqS2YqFyTS5E7NjDLkqOYjx/rM00TqYbFaiVdCkUl5Iu/HyF3eE0cF2dpFLScIb29KBifsTSuiJpxQNvJrGe51SoLHg5oZFQFpw==.{. "version": 1,. "should_reset_discarded_ids": false,. "de":. {. "keyword_groups": [. {. "ids": [. "booking",. "expedia_hotels",. "tripadvisor",. "hotels_com",. "tui". ],. "keywords": [. "achensee",. ".gypten",. "albuquerque",. "alf",. "allg.u",. "amalfik.ste",. "andalusien",. "antalya",. "antwerpen",. "argentinien",. "australien",. "azoren",. "bad kreuzn
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):575594
                                                                                                                                                                                                  Entropy (8bit):7.997587858488024
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:12288:ZjFBFQ/C8jf5kVgirVnXUKN7CR4QkfWGFmDMpgiDW3p1Si8fM:HBopRkairVnX7+kfWYsMGEgPSj0
                                                                                                                                                                                                  MD5:8DB0209E463713D66AFEF101737C0563
                                                                                                                                                                                                  SHA1:ED7633389CAFCD8A4FB18C40B39EC67F1C1D6D32
                                                                                                                                                                                                  SHA-256:53E38D9406BBDE4D600D7E2888F389B9D3211688157B3B0BE8E60BD2826E2839
                                                                                                                                                                                                  SHA-512:789742F61A55AFA748A02D51796E275FCBC132136655890E1DD87A17C37EB168A98E6511456A6747D6E2946074715F8B7F4B23632249071BD6FA5330213EBD93
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1369275
                                                                                                                                                                                                  Entropy (8bit):7.990689177640962
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:24576:zL6akytDuUu0px98mD8h9jzm0+Qww6Fx/xP0AWymhP6GGjvPfar2gwrCN:zL6AtSs8xjq0vwwgx/V0ByuP6vrqrSrk
                                                                                                                                                                                                  MD5:4C617C16867B8AC373F1A869990F498E
                                                                                                                                                                                                  SHA1:71BA19F7D40AA7BE1197C0E0D30177C390C0921E
                                                                                                                                                                                                  SHA-256:A0B04A4C883A25FC434618151974B00597CACDFE766E2EE67E6AA1D2EB5D6D81
                                                                                                                                                                                                  SHA-512:9975CE7FC5AC06F161C61F5F62108C04ECF56D9AE2C81108A1F99A285EAEEC5DA77E694027B22F2036B7DCFC053A1B836A90E45B325B4AD282DC2D99885EF667
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1490601
                                                                                                                                                                                                  Entropy (8bit):7.991032980491148
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:24576:sHlR8XTvui3OvlHQniqRbusb4Vq9HBc1rAkuQFsguHuk7JogEg8kxaPLkZeng/JS:zmRNwVbus8SCOkuQFsguOkd9E5mZDJVc
                                                                                                                                                                                                  MD5:81F209C261CA22CB919D77DD37136A92
                                                                                                                                                                                                  SHA1:45646D906BB358D5E1C86A46492BD85D3E089E7A
                                                                                                                                                                                                  SHA-256:4596B73D4901598F52BBEFBBEBACB70F2458AE8D690BC0B1BE53FCDE471DE072
                                                                                                                                                                                                  SHA-512:362E2F7EFD01AAF4E3CEF39E5F99D1C50B30E9129E289C4C039A63295ED5F668E6E084325BED7D9D90E41AADD4ED51B6F610F21A095D25D39EFBBF929CCF5D31
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):644311
                                                                                                                                                                                                  Entropy (8bit):7.998698130487401
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:12288:UhRKAcXT8/vSRR1m/dlslxkq1oUEdA6MWLri1rHTpLrrDvDueE3xxeyIXS:UHxe83SRbodlgkq1hEC00rzpffxyIXS
                                                                                                                                                                                                  MD5:E1CD90FD73AF35BC5E37C08E570B1330
                                                                                                                                                                                                  SHA1:FEDFD7D049104A321FC68D0B85EB0C534BBFC39E
                                                                                                                                                                                                  SHA-256:57F26707CE39F684BBCC56C3522DBDAB8851C42878E2D6C3AE41C2FAC64AAF07
                                                                                                                                                                                                  SHA-512:519ACDFE72BCF76405E92CD45728048C3840D6A4494A64B9855177C681A1D104EF09B3A12536ACE68567BC0DA1A2EDDFA24C94BD65E830705B99416D2FC416B2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):548237
                                                                                                                                                                                                  Entropy (8bit):7.998514259135896
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:12288:0uUVokuISPZT7tZX3MkLX2yOF1AupjNpKh/PMxGXlM:0vV5ubB/tZMgX81AAGcQXlM
                                                                                                                                                                                                  MD5:18E33CC30EEC9EE82FC709A057C96587
                                                                                                                                                                                                  SHA1:4BE508E28CE39087B0E241B89135DA5FC1A5C07B
                                                                                                                                                                                                  SHA-256:A2E8B98F32B559A9EB475FCB509DF0F49BB6BE86EFF46D226D2DA598E98A7267
                                                                                                                                                                                                  SHA-512:B69AB5A40A85D588E7C36784D0AE33829EC3D75E9932717339FA7D9B64DABA257D2D6FD86CBC9EA6E4D1ABDC162E6B7354482AD82261674A0E7E55705AB407FD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1064
                                                                                                                                                                                                  Entropy (8bit):4.216969853800906
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:AZMCz9sRJH4/jRGRiv9dmH4/K2wFghIsv9Z7d/jJNHAA9Zn+DYd/jJNHAA99lH4O:AZMSTrd3K2SgIslZ7d5Z+Ud50+D
                                                                                                                                                                                                  MD5:19BEF2D091C16C4EE3F7B9D63A48EEC2
                                                                                                                                                                                                  SHA1:E148797C1874D3DF0F9AADA3C217BAD86E07B49B
                                                                                                                                                                                                  SHA-256:A31AEB78E781F22CEE4220D24B8D62AE139902E37804BC836EADD90264AEDBB9
                                                                                                                                                                                                  SHA-512:A245BB9E697897239B449BBB35197E8033285BB7C9F101CFD8AE43FB434149102F28534C2C58D561341B72DDE90632FDAF5D73E5DECE5D453C221D67987302D0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{."version": 7,."list": [. {. "urlMask": "https://meet.google.com/.*",. "width": 700,. "height": 450,. "blocked": [. "https://meet.google.com/",. "https://meet.google.com/about.*". ]. },. {. "urlMask": "https://whereby.com/.*",. "width": 700,. "height": 450,. "blocked": [. "https://whereby.com/",. "https://whereby.com/blog.*",. "https://whereby.com/information.*",. "https://whereby.com/sitemap.*",. "https://whereby.com/user.*". ]. },. {. "urlMask": "https://teams.live.com/_#/pre-join-calling/",. "width": 700,. "height": 450. },. {. "urlMask": "https://teams.microsoft.com/_#/pre-join-calling/",. "width": 700,. "height": 450. },. {. "urlMask": "https://meet.jit.si/.*",. "width": 700,. "height": 450,. "blocked": [. "https://meet.jit.si/",
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):730
                                                                                                                                                                                                  Entropy (8bit):4.668284777150785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:mgWiqgWiGlctgWmXagWmQEtgWqDWgWqbtgWSgWuWHwWiqwWiGlcHwWmXawWmQEHu:mgWiqgWibtgW2agWZEtgWqDWgWqbtgWJ
                                                                                                                                                                                                  MD5:3B491170F7EEA56B574A24876BF7451D
                                                                                                                                                                                                  SHA1:C5CC1BE375BB413978752F0210CD0A76A415FAEB
                                                                                                                                                                                                  SHA-256:D30B4A5E4B31A93F5EB6C20D94243839DFED71E69071683C6838B424CC2A071D
                                                                                                                                                                                                  SHA-512:178AF7B1AD0A2ADC377B921C350BF877E4D82E561C2058B7DA66CBD6172681849E4ECA77DD2D385AB8309179B15C52B2522F181A5188A448478A09677F68C7AB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:Assets\150x150Logo.scale-100.png..Assets\150x150Logo.scale-100_contrast-white.png..Assets\150x150Logo.scale-140.png..Assets\150x150Logo.scale-140_contrast-white.png..Assets\150x150Logo.scale-180.png..Assets\150x150Logo.scale-180_contrast-white.png..Assets\150x150Logo.scale-80.png..Assets\150x150Logo.scale-80_contrast-white.png..Assets\70x70Logo.scale-100.png..Assets\70x70Logo.scale-100_contrast-white.png..Assets\70x70Logo.scale-140.png..Assets\70x70Logo.scale-140_contrast-white.png..Assets\70x70Logo.scale-180.png..Assets\70x70Logo.scale-180_contrast-white.png..Assets\70x70Logo.scale-80.png..Assets\70x70Logo.scale-80_contrast-white.png..Resources.pri..launcher.visualelementsmanifest.xml..opera.visualelementsmanifest.xml..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):730
                                                                                                                                                                                                  Entropy (8bit):4.668284777150785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:mgWiqgWiGlctgWmXagWmQEtgWqDWgWqbtgWSgWuWHwWiqwWiGlcHwWmXawWmQEHu:mgWiqgWibtgW2agWZEtgWqDWgWqbtgWJ
                                                                                                                                                                                                  MD5:3B491170F7EEA56B574A24876BF7451D
                                                                                                                                                                                                  SHA1:C5CC1BE375BB413978752F0210CD0A76A415FAEB
                                                                                                                                                                                                  SHA-256:D30B4A5E4B31A93F5EB6C20D94243839DFED71E69071683C6838B424CC2A071D
                                                                                                                                                                                                  SHA-512:178AF7B1AD0A2ADC377B921C350BF877E4D82E561C2058B7DA66CBD6172681849E4ECA77DD2D385AB8309179B15C52B2522F181A5188A448478A09677F68C7AB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:Assets\150x150Logo.scale-100.png..Assets\150x150Logo.scale-100_contrast-white.png..Assets\150x150Logo.scale-140.png..Assets\150x150Logo.scale-140_contrast-white.png..Assets\150x150Logo.scale-180.png..Assets\150x150Logo.scale-180_contrast-white.png..Assets\150x150Logo.scale-80.png..Assets\150x150Logo.scale-80_contrast-white.png..Assets\70x70Logo.scale-100.png..Assets\70x70Logo.scale-100_contrast-white.png..Assets\70x70Logo.scale-140.png..Assets\70x70Logo.scale-140_contrast-white.png..Assets\70x70Logo.scale-180.png..Assets\70x70Logo.scale-180_contrast-white.png..Assets\70x70Logo.scale-80.png..Assets\70x70Logo.scale-80_contrast-white.png..Resources.pri..launcher.visualelementsmanifest.xml..opera.visualelementsmanifest.xml..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):305386
                                                                                                                                                                                                  Entropy (8bit):4.3876781201484585
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:IX9oChDGlC7xPxd2OMuuwy4Wv+IHFjKmqJVLmaP45ZSNY:IQYC
                                                                                                                                                                                                  MD5:90A251EF933D9C41ECC7888F80D9CDA0
                                                                                                                                                                                                  SHA1:840DC84B504FF6ADEB6FFFB427688F2D2D1CD2C3
                                                                                                                                                                                                  SHA-256:B3D992AFA1E46CD9F4B56156EA98E13D5951AA80A4707729EEDCAF09E8463ED2
                                                                                                                                                                                                  SHA-512:B2E1A47FFFEB70A959D4EE7592622C65DE158B5EAD7836D261B3C9D2E1640F6388D4FA2A5364E4D24D90972E3B034A0758FCDF53AEACE937EE806F1B34AA2D70
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):677081
                                                                                                                                                                                                  Entropy (8bit):5.213919858273996
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:BRe3kKowl/mNksgu9oChbCv439z5leG8W+Eq0yfuYTVw+22ORZTamLAZvSF75kV+:YkVQmWsgHqdYmjrgqiGTZrWmevRe
                                                                                                                                                                                                  MD5:511C2E05F4693F2A4704538AF0EA8EFA
                                                                                                                                                                                                  SHA1:D23C07E8584442C838D92FF52002AF069A3896CF
                                                                                                                                                                                                  SHA-256:9620954A752266B1DC9859258711FCE9BA4713893B9A3AF4248DF0DB241C66A1
                                                                                                                                                                                                  SHA-512:3F0C3F95875D6F606CE516FC114DCF955D45A93BD47A92A5374BB7D5C89847DA21AA1C0F72B7A0A341658F736D709EAE000265FAF511B57815BA5A18B9BCB37C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5184928
                                                                                                                                                                                                  Entropy (8bit):6.3541072364230375
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:AvXajhkED3x693KyKfpzdQZAlF9CinlJy5UCUaEzdsQVTIXy/DUg3kqW6WXU03e3:EKjhRcKsdh8Azxlfez
                                                                                                                                                                                                  MD5:C3E483955B9505B561F2880A7552A889
                                                                                                                                                                                                  SHA1:3301AF762F0703D75DE4900733E67206437EA5B9
                                                                                                                                                                                                  SHA-256:D244658CDC184DC959750F8C94B8690C77699C7F619B87A3F0F514C315D65E45
                                                                                                                                                                                                  SHA-512:D907252D3F534896BD65AC735AD73A38DA1DCFA6997C68D474A89DAE3B984E3E2965DC7BD39B96A83576030BB550A5D6EEE93EFBDDA909F309C8AFEA74D309D7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):106
                                                                                                                                                                                                  Entropy (8bit):4.724752649036734
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                  MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                  SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                  SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                  SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):952736
                                                                                                                                                                                                  Entropy (8bit):6.616282744323633
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:TWIjzlce4j0yYKpMJl6Z5W9DYsHC6g3P0zAk7jmxe3W:TW6L4j0EOr6Z5W9DYsHC6g3P0zAk7j2
                                                                                                                                                                                                  MD5:B88D1DDFCAB19FB9D0142F955F055351
                                                                                                                                                                                                  SHA1:70C4433251220F42D776089A34B1E8A5A033BFC9
                                                                                                                                                                                                  SHA-256:72B386A44CC4CAEDABF6C7C9680802C14E9028A51B0ED0D6EF00B3D7D8BCC777
                                                                                                                                                                                                  SHA-512:F17B605A5F48C2A0434A1CD4781FC1FEAA4776B8AA2EB595C025F191829C2B786254C3C339B8CFD49AD11B0CAF317D72452085604D9A51115D892A948CADD87C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1006496
                                                                                                                                                                                                  Entropy (8bit):6.426354490717511
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:gV2QGtR25z3IpPRpd+0Q8y/BqABl7TqigWBu+NmSLgoI/cyNX:rRWz3IpNjQ9/BtSi18yg6AX
                                                                                                                                                                                                  MD5:28B8B0FA94CB9418BBD97BC632B5605A
                                                                                                                                                                                                  SHA1:AEE03428AB1CF4636EE311BF7108809AF9AE24E3
                                                                                                                                                                                                  SHA-256:9EAA83E9C60165FB1A4F369F0555B1A1C63B65ACF17F4DD695F83D36DEF4200D
                                                                                                                                                                                                  SHA-512:9739A4FD97E7C9A664C99EB471252A089AE329869E3FEEC4845EAF3E81F11DBFA776332E956EB29690E06C37B4C9585A97883D9C1EF3B9B5FB9FE269E0060E44
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):621472
                                                                                                                                                                                                  Entropy (8bit):6.228116599783762
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:Ha21tkgBIusuTVryHLoRHY3m97caBoWRT:HV1J6usQJHUV2jRT
                                                                                                                                                                                                  MD5:2784D35711E3BCD52DF418B4DC435A83
                                                                                                                                                                                                  SHA1:43FEBC397A193EF1A732D428E47E085C751D8288
                                                                                                                                                                                                  SHA-256:D269D68B790C73839336EAC1E07CB7B91FF59A98DB3A577277E88FAA3EE53686
                                                                                                                                                                                                  SHA-512:41D574C273D912994E0815CE5CCD59358BB885460265E82BDAA9D9B2858EB07094346CAD05713CEB2A9C51493500A4C036A142C9EFD3600F89705707A2CE7CE1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                  Entropy (8bit):5.1585286584857535
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Yv8IYHRHLq8PBAfjXLme9Aw3r8PtJwsMh2eZuyrzsH:v7WzLmuAwaKsMweZu86
                                                                                                                                                                                                  MD5:F589912A6691DABA6EB0C1EF4B61B9FD
                                                                                                                                                                                                  SHA1:C4D4BE0D5F40B0ED0CB73B729AB4087E408ECE8B
                                                                                                                                                                                                  SHA-256:984090E1A332F8FD37B22F81EC9D0DEE3A0135A5B201B0389BEA3A5A3BA985C0
                                                                                                                                                                                                  SHA-512:D51BA8940F5731222714CB1E827C7E3E73E94E4DB4BCFD5988D97E0E0C22B5E9870116FCC8DD06B4D0A72CF59E4A4BD6A8CC79311E2AFBB476A7160A079419BF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"all-installer-experiments":["installer-experiment-test@2","installer-bypass-launcher@2"],"autoupdate":false,"browser_edition":"std-1","country":"US","enable_stats":true,"features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"01979299c8cd,13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,3389f6c15eb9,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c25d6d8d2719:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,d4b5093b464f,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","import_browser_data":false,"installer-experiments":[],"installer_id":"1b6
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2181
                                                                                                                                                                                                  Entropy (8bit):7.807674908350133
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Pe+1prHq0WWdnFX5lKhqEiJVk10s5pqe/cme:G+1prHqXkhrWqEiJa10ae
                                                                                                                                                                                                  MD5:B5A21B88B3D8A42DF265817EBEB742BB
                                                                                                                                                                                                  SHA1:E0BE32B4FC158DB4E9783094CCE614922114B742
                                                                                                                                                                                                  SHA-256:9635C074C9D8EDDE0BAF3111DBD7DB49CBDC370C4F729C80AC382949F32BE526
                                                                                                                                                                                                  SHA-512:21ECE0DCF17B038400D09565438FCE8BE61746DAA0250F2FA9D0526BBA3D1CE6F8DA5CCE944EF8FA685C5EB6CF857B073D2A50ADA44A44A76D84813871FAA5D0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1828
                                                                                                                                                                                                  Entropy (8bit):7.716814612583543
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:uIrxqF+qFL9yUaKagPWex0mLgIbPdyFKD0YTkogFey6mkAN7G:3wFRoGagTx0A4KDfTko6eCZG
                                                                                                                                                                                                  MD5:0BAE0648C3E320C4D439F158B4FD5531
                                                                                                                                                                                                  SHA1:4E860AE24F03522C89BDF37F3CCC10B54832861E
                                                                                                                                                                                                  SHA-256:28CE8FCB22080CE1F69346CB0720BBE5662959E413426F00062B706013DA8C28
                                                                                                                                                                                                  SHA-512:6A5E4105CCBE1664546798DB057B93622C9CBD6D5AF4967E6BE4E390A18FEC0FFCC807E3331F09ED0DE63ED85569BE7EC5EED5A7C663DF6CE4A5B70E09500371
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3140
                                                                                                                                                                                                  Entropy (8bit):7.81304512495968
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:X4+RWiQZwj2bSjtW8+i2elETWt5nQ1pzuiV8:ozEW8+iZECt9kzuie
                                                                                                                                                                                                  MD5:7E529063A02E4E83736B0263CB1B82E0
                                                                                                                                                                                                  SHA1:17A3C4B76962E90B1D2FA8A49441157949F4DC78
                                                                                                                                                                                                  SHA-256:A36A13A5D5E3D39E3018CCC5F8859944C87256F8BE24A3C08A6BF3CB06A26804
                                                                                                                                                                                                  SHA-512:571806725F83FECA90360B246D167A8857EDFD9EDC8DC0EF7EEEF80F291FD06088C405A5653513CB8AA309DF08CD609DF85A95E3379E3E5907566C876CA77CDE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2659
                                                                                                                                                                                                  Entropy (8bit):7.828610258666657
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:zQX9JrPPPPPPnouwOlIbylOhFARjcSY1E1y0fAiKb+Y+GzYvpSYWTX5sPPPPPPPn:z0rPPPPPPojFby+m00fAiKiySSYWTXqP
                                                                                                                                                                                                  MD5:EBE7D27ED3B4CB6566A10165ABFAA941
                                                                                                                                                                                                  SHA1:FDF7C27058CF5DAF7061756E938A33C1BBB26C3D
                                                                                                                                                                                                  SHA-256:0BD63FE653885286E180FBDF6D1DADC66AF242B8ED6BD1D03D8C5ECCC20E91D7
                                                                                                                                                                                                  SHA-512:50EC8592D78F00A6387F06E077E0DEF88DB26723C0FB8632C4EA06F2E09488DB0FB82E0EB1F03DA53F9C750F6CEBD29F7889B1DE342E4F0AE69F88C4B7B1425B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3904
                                                                                                                                                                                                  Entropy (8bit):7.301300867894784
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Fe0zdfrjvg/ofL7NkqKgOL6bq64wL3XtakhXSTxyfO8cg7WZUScsO62vSQ6Q4MCR:JdfrYoDdbJlXBRSMoj6H626Qr45eg
                                                                                                                                                                                                  MD5:F332E088E89B88070EF1EFBECA5B90F8
                                                                                                                                                                                                  SHA1:86129A8B1E2E7F78D6CE23C58A37FAC9DA5E566D
                                                                                                                                                                                                  SHA-256:6A8F64754C75EDCC9ABC1138E44ACBD7064D7E8E2A28783939241DBD6AFA30A5
                                                                                                                                                                                                  SHA-512:2314AAE692C024F914661E46CFD76531DA6C09B94C084FE915A0594625927DF30282D09518A950EAFCFDD2E499B1E4877CF3CDBF5509DE0CC756DADCDE43FD45
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3673
                                                                                                                                                                                                  Entropy (8bit):7.8322183683928195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:nBWR5fosUcvpqnOtkeU4ghCboMmSaj+5UZy:MvHUUMnOtpz4Csz65UZy
                                                                                                                                                                                                  MD5:98B9F7A4F4322E7B46DE392FD20F66E5
                                                                                                                                                                                                  SHA1:D009D227522206C40CF592E460C9642CD03B8769
                                                                                                                                                                                                  SHA-256:A706B332E6A846357A86C30D0E8BB7697E7DD55C2AE592DD45611DDCE0C0BF14
                                                                                                                                                                                                  SHA-512:3B3E5BAF3CFC57119E0812DE2816DF6C7DCB42E96C4891E47C4F32320FD3BE2F27A0118051A6651595BAAAA30069BB1C0D78AA701744A44534CABE7547D4BECD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1723
                                                                                                                                                                                                  Entropy (8bit):7.769427546963699
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MtXb2ikqrN+EMaUeTPMSEGS6CT/GF2MdJtDHBkZH39Hmgwiw:CXbzrzfUsUGS6A/ETJtHBYNG1iw
                                                                                                                                                                                                  MD5:1F2FB1BF463B2FF2BEC96784DEBFEF84
                                                                                                                                                                                                  SHA1:AE6F721AD937FE39F86602F71002435B18BF1EDD
                                                                                                                                                                                                  SHA-256:7E6B0D9EA7FDA1B5CA7A0B01290521DFF943DA4CBF1498412CA7D749DB42C32D
                                                                                                                                                                                                  SHA-512:0C92C4F75E620D0B636CFD83E89C69A44F6A96A00006FBD0B13637BA5DCC77C9B302029E62F4B80766811F31810F9C20AC1A98B65C38789951CA0E19A5BB6894
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                  Entropy (8bit):7.721284228612739
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:sRv0SxfL9UEp3g4/RjUG894TBRVPvhjfghucgXy2nRlWzIXQuohMU9ocyMDh:sRv0sq4/tU10XVPZjhy0Izy9srWcyUh
                                                                                                                                                                                                  MD5:17471BB63ED62A6E545B6B626A763511
                                                                                                                                                                                                  SHA1:586B9EFDE7B3A04580A49F8FE7739593D42D303E
                                                                                                                                                                                                  SHA-256:DFD1054F989CDEE25F19EA792F363F042A125CAB537A424F0224BBEE13607E39
                                                                                                                                                                                                  SHA-512:F619D963B62EDB07C8077C3C6AE60ED8D3F3DD5BB1D05A2B83DCA1A7A4A346598B055F6C7EA22E05BF281B1DE0F205F5D1054819000759D9450EE1FE8F6491AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1564
                                                                                                                                                                                                  Entropy (8bit):7.78686155071436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:kO3Sxd5HLMZAoBjXkaBPxrX6hzB6eCvTYJSM2nY2YptQ/ceAV5ulBbYZwix2:MLLMWcV2z8nryWY2SDV5uPsqiw
                                                                                                                                                                                                  MD5:C3722E0232EC20AC8F99CCE7A040B294
                                                                                                                                                                                                  SHA1:91CA47DA87EC045ED3EF5D97243167F08FB9E10B
                                                                                                                                                                                                  SHA-256:A333D7E4293F5269426B3FCB673A284F3708A66F957DE62403B6570B24BAE8F5
                                                                                                                                                                                                  SHA-512:71940B8431E36307BA5176939A169B9259BB6B43C32529A10A12C5EA31447BDDCCAD7EB9EF7CB309B175EE7BD56E70926BD5AA0855D0FD9497547ECD7FF93158
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1341
                                                                                                                                                                                                  Entropy (8bit):7.829707677562043
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:vHNfCYvjHq3yow73tnF7H1r8IR07iBa/ptAFjLmocqM3LNpi+MaG9vz:vHsY7Hq3QzT7H1r8Wr0/zAxfyLNp1Pab
                                                                                                                                                                                                  MD5:504D80D276ADCC0163A8E4720013F9E7
                                                                                                                                                                                                  SHA1:6D34A0593FFCE916CD19B66D61004FD7E7EB2CD1
                                                                                                                                                                                                  SHA-256:EBBE0B4761EA8968A0A3FAFB383AC7AE175E98CD31A0F41BDF5FCB43469B58EC
                                                                                                                                                                                                  SHA-512:9961259704FF97C0E1899A33259F62155B73264E272064F3FA90E64124513C7C8BD6AB69A39C1EFB271ECC2972AB8FD86FB836F22153A9BB35419C3816D11337
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2005
                                                                                                                                                                                                  Entropy (8bit):7.837796638299837
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:FtyHJuovwDhlXRvUCvqfPAuwdESKbtU04aQkClnRU8lbPxbsFIV4hEIA:FtygGwDhlX1oHO4KwCAQ9MEIA
                                                                                                                                                                                                  MD5:667BFBAAEB2D2B372B6E0D4BF4992CE4
                                                                                                                                                                                                  SHA1:4C6C2E07183963F59391945FBEE077B55F8F6B2A
                                                                                                                                                                                                  SHA-256:207519F1C7B6C7509BFEB7B55724997EEC6456C8BAF55E882E72FC5CD43DA221
                                                                                                                                                                                                  SHA-512:AC63A3DD2F6088E7849E3824C35FD58CA78EC77DC31E1F6CBD47DE7CC394318CBA7D2309912206A94180267BE057C2AF5C835424019E2A03EE33A2AB801BA9A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1697
                                                                                                                                                                                                  Entropy (8bit):7.76630495035972
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:TyhJvOYkuSoLYIWawZM7SkzaacHxXgr4RzhQpKP7C:6JWiEIOuWkCxCSzhQpCC
                                                                                                                                                                                                  MD5:93223E8777B581E988B703DF82593B17
                                                                                                                                                                                                  SHA1:40A035464C27041CCC87C7935C45100D93D1C948
                                                                                                                                                                                                  SHA-256:464AFAF960C32ABDC2C3937A48BF14C5D1A819B017E719FDED591D43A65D94C4
                                                                                                                                                                                                  SHA-512:B8A3EE4A71E609625EAB51F0F6DAFCC82CC47BA2C567CC8BF73CF6423056F9171276289BFDCC8428B7C07645097664065EE9B0B78874425BFF800178222FED12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2699
                                                                                                                                                                                                  Entropy (8bit):7.8799233652993115
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Is+9LgA+9fj19UhKwdgrviOztr/CrWbqCLRTFxFCEEgq0Ol81sqAGz:IlSN1gBTOztr/jbzdh1y0wl1+
                                                                                                                                                                                                  MD5:704D0A2693B350E7C463B0FF2143835B
                                                                                                                                                                                                  SHA1:0313AD4C3690A590AC54552D2C27806E73776600
                                                                                                                                                                                                  SHA-256:D6367DBC074E37F3488C26B0BAD229BFE99F5C6BB0E28D37B41906C436152B57
                                                                                                                                                                                                  SHA-512:4517B2FA911149885EC5549F3173D3C774716740826873E4B2199C804B17E776A5296565930E5ACDB8D5476710A391B21E6DA8941DF64C525A487DB4619A1EA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2334
                                                                                                                                                                                                  Entropy (8bit):7.8839656878677005
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:W/zeI9zj1u/VwgVNR+vEgxOfU99BpcZlp9uqRhq4eZDU0BMK:W/zn51gxN4RxH9hUlpkAMt/BT
                                                                                                                                                                                                  MD5:39E2FCF13C20103C5F449C06D3A4CF75
                                                                                                                                                                                                  SHA1:AE8E1BCE2BE17ED450D891864E6AA22642AF39AC
                                                                                                                                                                                                  SHA-256:5D46E4056F3915C279F1FA9EDF61D93529FBCAE5C59D616380EC5D9405B7763D
                                                                                                                                                                                                  SHA-512:8E4902262B064008804D49D1B5F27BB7B8F33ECEFB05181AA69534E1D21662719DD4F8E0677C58215F6C5CA9EB4FB92FCA54A89F9720230AFBF06A70216ABF26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1096
                                                                                                                                                                                                  Entropy (8bit):7.755097954664401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:TDh4JYYFMId219dZt07Zcglb4iS/cFEAAabL3/006Fs:B4JBMPVEbCe/006Fs
                                                                                                                                                                                                  MD5:32D3E390613CDDBD639E70DDB2511AC0
                                                                                                                                                                                                  SHA1:C96AC088E72D756F31896B16776EF100379F802C
                                                                                                                                                                                                  SHA-256:DC20E5AA2B500CD5B5C9F89647D3487810685C94268F22678E27820E2454BB3E
                                                                                                                                                                                                  SHA-512:7381CEB8FEE84F398082177F30DC01593BEEFA729C73B0166AF686BCD25D54312B202D9243834B754769DE41E9A1DEED74CA91A76DCDA918A749CDB4F08C124B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):901
                                                                                                                                                                                                  Entropy (8bit):7.682141855410327
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:x2BZqWXRHKkqILfEDtySHnb98XPA8KWstHNMufZ4jJO2C:xZQEC8BywBmPAGpC4jJa
                                                                                                                                                                                                  MD5:E6ADD5AFC73F7B06FC2348550595F8D6
                                                                                                                                                                                                  SHA1:4D658BDDB93FA6CB423EBC61BD20DB37E4D37DB6
                                                                                                                                                                                                  SHA-256:DD6F46D32C3E235508F9E4C7D7F993BD807D955BCA7E63CF3D57C6C4C102F46D
                                                                                                                                                                                                  SHA-512:55437DFEA7F68A4572DFC86B5428CBE9DB86C0D32D0B09BA6B7B1CF8E49E5F1BB94285BBDC97D8EE00D70BA75921DB59644787C1BE1672FE37CEE09441F249B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3072
                                                                                                                                                                                                  Entropy (8bit):3.118957212117411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Whs+6rek/gF1A6Gbi+4eTy8iPTUucUITUuqQTUGUQTUsITU6UQTUQITUuUQTU0I0:WWnep/FFLxPoRJo+oGpoBo6po1oupop0
                                                                                                                                                                                                  MD5:400817D0A91767CB830767AA94383F31
                                                                                                                                                                                                  SHA1:73F36C895190223F94E4D52657F14454B2BCBA44
                                                                                                                                                                                                  SHA-256:35D92C86C1C054D1C03F4E58B83681BBFD8573143EE5E4CFB4CBD788A1FFC107
                                                                                                                                                                                                  SHA-512:2216DFC65E24961A18A4622FF6D8D8A1330283E64477A0E44BAC5B8F9A4CB5690FC90F598BBC152214EE6AA8770FE6608C4C809EC6F2CC73547D8166603B3E15
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:mrm_pri0........ ...............[mrm_decn_info].............8...[mrm_pridescex].........8...H...[mrm_hschema] .................[mrm_res_map__].............@...[mrm_decn_info].........8.......................................................................................................................................................................................................................................W.H.I.T.E...8.0...1.8.0...1.4.0...1.0.0.............8...[mrm_pridescex].........H...........................................H...[mrm_hschema] ...................................U^........m.s.-.a.p.p.x.:././.O.p.e.r.a./...O.p.e.r.a.....................L.......................F...........A...........O...........1.../.......7...!...................................F.i.l.e.s...A.s.s.e.t.s...O.p.e.r.a.P.R.I.C.o.n.f.i.g...x.m.l...7.0.x.7.0.L.o.g.o...p.n.g...1.5.0.x.1.5.0.L.o.g.o...p.n.g..........................................[mrm_res_map__].........@.......,.......................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12876
                                                                                                                                                                                                  Entropy (8bit):5.285663893168161
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:rsWYN1qQ3YWu4pmiW0grKIxuQOHFXr3GsJHGJ/zr2+k1AyzrdHwGw4:rsTt3YWXpmiW0gNug/7B4
                                                                                                                                                                                                  MD5:DD631F3A70EB62A6C0F09C10130D1569
                                                                                                                                                                                                  SHA1:D1D0F56CD9B837EEF0F82C474A095D3244B92ADF
                                                                                                                                                                                                  SHA-256:4B67F35C302CBBE52E8C3F52032CB7E61ACDC335B08518A773904E8376AA4B5E
                                                                                                                                                                                                  SHA-512:D29E77C365A1E2446D6267A35096E0B47AF91FC2209CE16F9742D584B4B77E2200DAFE4C508C15EA95386D1684BDA6162EB0DE9028D7E5A632E0A3ECCC9AB54D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"_all_users":false,"_launch_from_install_dir":true,"_skip_launcher":false,"_subfolder":"107.0.5045.79","app_id":"1711816766","copy_only":false,"files":["107.0.5045.79.manifest","CUESDK.x64_2017.dll","MEIPreload\\manifest.json","MEIPreload\\preloaded_data.pb","d3dcompiler_47.dll","dxcompiler.dll","dxil.dll","fonts\\Inter-Black.ttf","fonts\\Inter-BlackItalic.ttf","fonts\\Inter-Bold.ttf","fonts\\Inter-BoldItalic.ttf","fonts\\Inter-ExtraBold.ttf","fonts\\Inter-ExtraBoldItalic.ttf","fonts\\Inter-ExtraLight.ttf","fonts\\Inter-ExtraLightItalic.ttf","fonts\\Inter-Italic.ttf","fonts\\Inter-Light.ttf","fonts\\Inter-LightItalic.ttf","fonts\\Inter-Medium.ttf","fonts\\Inter-MediumItalic.ttf","fonts\\Inter-Regular.ttf","fonts\\Inter-SemiBold.ttf","fonts\\Inter-SemiBoldItalic.ttf","fonts\\Inter-Thin.ttf","fonts\\Inter-ThinItalic.ttf","headless_command_resources.pak","headless_lib_data.pak","headless_lib_strings.pak","icudtl.dat","installer.exe","libEGL.dll","libGLESv2.dll","localization\\bg.pak","lo
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                  Entropy (8bit):5.1585286584857535
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Yv8IYHRHLq8PBAfjXLme9Aw3r8PtJwsMh2eZuyrzsH:v7WzLmuAwaKsMweZu86
                                                                                                                                                                                                  MD5:F589912A6691DABA6EB0C1EF4B61B9FD
                                                                                                                                                                                                  SHA1:C4D4BE0D5F40B0ED0CB73B729AB4087E408ECE8B
                                                                                                                                                                                                  SHA-256:984090E1A332F8FD37B22F81EC9D0DEE3A0135A5B201B0389BEA3A5A3BA985C0
                                                                                                                                                                                                  SHA-512:D51BA8940F5731222714CB1E827C7E3E73E94E4DB4BCFD5988D97E0E0C22B5E9870116FCC8DD06B4D0A72CF59E4A4BD6A8CC79311E2AFBB476A7160A079419BF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"all-installer-experiments":["installer-experiment-test@2","installer-bypass-launcher@2"],"autoupdate":false,"browser_edition":"std-1","country":"US","enable_stats":true,"features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"01979299c8cd,13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,3389f6c15eb9,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c25d6d8d2719:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,d4b5093b464f,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","import_browser_data":false,"installer-experiments":[],"installer_id":"1b6
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2304416
                                                                                                                                                                                                  Entropy (8bit):6.440570911194646
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:bCbc+v3neoFjYL1yOWK6NAxq8N0+cP27KIE:0v21yyxhI/
                                                                                                                                                                                                  MD5:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                                                                  SHA1:E5C7003AB10328E95D015AA75C08479B4CC1005F
                                                                                                                                                                                                  SHA-256:E8ACDD3FDF21ACE7F2A5A1A82CE5655A18FC52FC81D354A5FF685AA868FE1A98
                                                                                                                                                                                                  SHA-512:D6E90B9B32B2C5D3FEB0012E3A5BE5AA6E27801FECDE87BEF64D7BB8A23FC5BBDDE2A60A42F001B7515188B8BF23F8C959308C465F88FB62798814611021BAAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."............................@..............................$.....x*#...`.........................................`...b.......h.....". ....P!.......#..)....$.H.......8.......................(....S..@............(..x............................text....,.......................... ..`.rdata..0....@.......2..............@..@.data....A..........................@....pdata.......P!.....................@..@.00cfg..0....@"....... .............@..@.gxfg..../...P"..0.... .............@..@.retplne......"....... ..................tls.........."....... .............@...LZMADEC......."....... ............. ..`_RDATA..\.....".......!.............@..@malloc_h......".......!............. ..`.rsrc... .....".......!.............@..@.reloc..H.....$.......".............@..B................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1508256
                                                                                                                                                                                                  Entropy (8bit):6.3613305257387776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:pXR9qeSQ6bJcfTBRaVGuc2uzIGZDyF1VPthv:JOeSDbKLfaVGn25GZwlV
                                                                                                                                                                                                  MD5:F452A15BC7E4392149F6BB2675EAAA59
                                                                                                                                                                                                  SHA1:85CC0A95ECBE0E01D0C47AA4C4D37AA41DF48F20
                                                                                                                                                                                                  SHA-256:B2A73AA659A5901760E6CECF28491386241339C2911481383CE9F119F3EE7231
                                                                                                                                                                                                  SHA-512:50F57F806E81A20B11B32F9692E4514D6D81298DD257DB440D503E3EC5044AB293D5EE72C0971A423FFBFF70009A878F308D0613874F6ADC49C0EB375C1FCC94
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."..................%.........@.............................`......x.....`.............................................k...Z...P.......8................)...@..........8...................p...(...`...@...........X................................text...+........................... ..`.rdata.............................@..@.data...$...........................@....pdata...............~..............@..@.00cfg..0....0......................@..@.gxfg....*...@...,..................@..@.retplne.....p.......,...................tls................................@..._RDATA..\............0..............@..@.rsrc...8............2..............@..@.reloc.......@......................@..B................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                  MD5:99914B932BD37A50B983C5E7C90AE93B
                                                                                                                                                                                                  SHA1:BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
                                                                                                                                                                                                  SHA-256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
                                                                                                                                                                                                  SHA-512:27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (904), with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):904
                                                                                                                                                                                                  Entropy (8bit):5.530753116103
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n2iq0sNQsB/GUjFo8FlEfNHPOr5FlvA4jt:NqlJGURtF6HPSFu45
                                                                                                                                                                                                  MD5:D8690D3C9D3B6CCE92753AA3F076BE93
                                                                                                                                                                                                  SHA1:E890A27B79AF20966480103FA2DCEC406F250B2E
                                                                                                                                                                                                  SHA-256:72D36AAB080ACF83877A38E99309E35AFA8659C5A9D0966A8F0939783F0ECAD6
                                                                                                                                                                                                  SHA-512:262B29AA027222DCC648E8164C4D25D6E97A76B5624B60141E4871997B4FF49F3AB6DE63F874B42B0E8C2E403577F46E768ED90CEA6406A57252030A68FE1EA1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):384
                                                                                                                                                                                                  Entropy (8bit):5.200828148768964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YSAILzPl3DBDmNYwD5YBxFAZWdHnOAb6Hah9LWIoSN8mNA4YBxcowHY:YSLrlNDmNY2SBxFAYHnz66mSN8mNAfBH
                                                                                                                                                                                                  MD5:00B5B7E50BA5783AEBEBA911567E83E7
                                                                                                                                                                                                  SHA1:6C0D9282B3811405982F560A697F3F3E3BAA7434
                                                                                                                                                                                                  SHA-256:A0000576CC90424458F2BBD10603FFAC52EC96E273678A25FE66973C9D8A3C1D
                                                                                                                                                                                                  SHA-512:F016144881A089FA5BB8623E786D70C7EFF2F1E95F2E07E34E4F61792DCBF2D708DD3796EC260660D30001B246FF7480688C3A2368002FB09D88783E8B4CB5AD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB3_DD_3661&utm_content=3661_2353&utm_id=a9532ceedba7472a89a73adb7027db85&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB3_DD_3661%26utm_id=a9532ceedba7472a89a73adb7027db85%26utm_content=3661_2353"}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):399
                                                                                                                                                                                                  Entropy (8bit):5.238901489489838
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:YGKed2pHlUrlNDmNY2SBxFAYHnz66mSN8mNAfBxcoyY:YdHHlUZNcPyrzHu69eH
                                                                                                                                                                                                  MD5:CF4BF25AC534FC31FE18F1BC0CB28D04
                                                                                                                                                                                                  SHA1:C3C0BC46F0256BFD18AB27D3E035380288F76553
                                                                                                                                                                                                  SHA-256:86B1599719660ED86172CBAD7B41D18E8E6C59C4A36365792ACDC6F4AA39DC3C
                                                                                                                                                                                                  SHA-512:EF6FBA0750680AC2286EE103C2D7C6953E4E5A17CB9805F9E7DBDC67CE2F6F9508C3C39BA72FE8B75CC5779B525FBD6562F605658524DB94BF6EC17937D2A887
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"country":"US","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB3_DD_3661&utm_content=3661_2353&utm_id=a9532ceedba7472a89a73adb7027db85&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB3_DD_3661%26utm_id=a9532ceedba7472a89a73adb7027db85%26utm_content=3661_2353"}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Mar 30 15:39:26 2024, mtime=Sat Mar 30 15:39:26 2024, atime=Wed Mar 27 07:51:27 2024, length=2304416, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1435
                                                                                                                                                                                                  Entropy (8bit):4.926474739168592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8m0bHfOAp8D+Qh85ReRCMNYLKW/k8AyPmJGmIA4Zrqy6EZWNEyogm:8m0bHuDBe5ReRCMNYeW/AyPmJGmzy6EI
                                                                                                                                                                                                  MD5:5C13349CA0DA561D14500DE0A0C88A1B
                                                                                                                                                                                                  SHA1:A6613B906BB9A0DE4630933DB99F37A7A8D2F0FB
                                                                                                                                                                                                  SHA-256:9FD657AB061820E37003A3A27FF5150F4764D23FD8D7866E45DBA58B8B9591FA
                                                                                                                                                                                                  SHA-512:3976DD52766121D2E5CA586528F5584056F58629B70E6704C4DA9C62000645903727AFF2830BD15D4A7C9BA84092147DC8A8C625E6BC4704E650348C17517952
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:L..................F.... .....T.......T.....$.:.#....)#.....................(.:..DG..Yr?.D..U..k0.&...&...... M.....M.(.....K.e.........t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl~X......B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....~X....Local.<......DWSl~X......V..................... ..L.o.c.a.l.....Z.1.....~X...Programs..B......~X..~X............................}..P.r.o.g.r.a.m.s.....Z.1.....~X...OPERAG~1..B......~X.~X...........................7...O.p.e.r.a. .G.X.....f.2..)#.{XnF .launcher.exe..J......~X.~X.....gC.....................8..l.a.u.n.c.h.e.r...e.x.e.......k...............-.......j..........._.R......C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe..*.....\.....\.....\.....\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.\.l.a.u.n.c.h.e.r...e.x.e./.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.............:...........|....I.J.H..K..:...`.......X.......347688...........hT..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1499104
                                                                                                                                                                                                  Entropy (8bit):7.985603261747699
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                                  MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                  SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                                  SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                                  SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...'..P.................(...F.......-.......@....@.................................7........................................b......................H................................................................@..d............................text....&.......(.................. ..`.rdata...5...@...6...*..............@..@.data....)...........`..............@....rsrc................h..............@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P....P.|..Y.nj'.v....u..v..=.BA..6P......P....9^..].v8.^..3......hhDA.P..........P......P..pAA..E..E....;F.r......P.J|..Y.24..j...lAA...t$..D....3.9.H.A.t...@....9D$.t..t$.Ph.....5@.A....BA.3.....D$..`...|$..u..@.....3.....t$..D$..t$...`.A......t$...P.Q..%`.A...D$...V...t...P.Q...^...VW.|$.....t...W.P.....t...P.Q..>.._^....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u..S.\$.V..C;^.tLW3.j.Z...........Q.......3.9F.Y~.9F.~...f..Af..G@;F.|..6....
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:idUTvr+x0E4H3CAHkd0OhPVVUCs4dxemFiG7V76d5vQVUCaxU:iKTHhySkuz/G65v1y
                                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// DUwgkzpRs2UBZDQI77+cT3P6rFCB1A0dTs323s0P8VwKPNxJg7UC76QDbcCRMySUWu6oS1yzTCguRlUYTcidqpeZdtHOL09/z+luPzIHHqB/vQ9rnmKvNPJpGrBJkKfytTOuw9v8frDeZaeH6r4iB1b3IcxXDVBG/cZiVMvhj0/b9SbAbkgN94GUrDjIArHEo49eBMFcYKuLFjOUmbiRuESFn3Rlx1SFNsPk2GEohrRvsb3Fzh9UH6hwKFUEBxwUWIGMtPpf2rIDmUxAEUigjvrWMiGoDk4x5FdM+p5livY9OVeyVGtcfDm8zZJ3psJ6Uz8cqK1ZhYsebZFUup9rZA==.{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1499104
                                                                                                                                                                                                  Entropy (8bit):7.985603261747699
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                                  MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                  SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                                  SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                                  SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1853592
                                                                                                                                                                                                  Entropy (8bit):6.818631706824549
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:K9A2yB7Nxu6wdWob6zD0fnBa2M9SmWqRYv9XTQdg7VHUw9MqNTLTM7DbXTWs4HU+:cAF/wvfnJ1zRH/2qNvsD3W3HUTX4Ean
                                                                                                                                                                                                  MD5:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                                  SHA1:8DD93340E3D09DE993C3BC12DB82680A8E69D653
                                                                                                                                                                                                  SHA-256:AFE569CE9E4F71C23BA5F6E8FD32BE62AC9538E397CDE8F2ECBE46FAA721242A
                                                                                                                                                                                                  SHA-512:A04E6FD052D2D63A0737C83702C66A9AF834F9DF8423666508C42B3E1D8384300239C9DDACDC31C1E85140EB1193BCFAC209F218750B40342492FFCE6E9DA481
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3291288
                                                                                                                                                                                                  Entropy (8bit):6.8236015092223115
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:4qcHd9dChDBdG26666666666666666666666666666666x666666666666666fwW:4qcHZChfGcwMOlq
                                                                                                                                                                                                  MD5:28A21AFB4BDC543B4B0309BB78B8BA4A
                                                                                                                                                                                                  SHA1:AB6230C0E1C2C12FC5C9B7A60EA5ADEF99E7783B
                                                                                                                                                                                                  SHA-256:672AEB85A07EC1A25DBCF48B64D3BDE24DD0691C2BB27ED74A536776F63B5D27
                                                                                                                                                                                                  SHA-512:806A3466DD4DE9BFCA6B13C20E69985DECFB8FFE5A31F785D649DAB249064FC4EC1FBBA9DDAEFC634D6E7AA355FEF73F511357C748043E407F979B150C159CB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                                                  Entropy (8bit):4.030896101301726
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:/WBElnLWqOXLNod5ylmvYKO:aElZOXL6+lmvYD
                                                                                                                                                                                                  MD5:2F070A8DDB1E4A5BC2137DBB2967E9A8
                                                                                                                                                                                                  SHA1:F9F38DA409C2D4DFCE3471CF6621B7B81B797BF5
                                                                                                                                                                                                  SHA-256:4C3722675F9E72C3ECE2A029DC8637CD8219CEB40B623D6DC75647314036AD3C
                                                                                                                                                                                                  SHA-512:52FCB7870637F46D156D2F210E119A52B5B5226B9AEDE66ACF51160FBA45310D865DC4CCE1BD8A82156C414175DE49A5DCB527CF9F635F925D3C5603872CDD7C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:assistant_installer.exe..browser_assistant.exe..mojo_core.dll
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):990360
                                                                                                                                                                                                  Entropy (8bit):6.751997627821156
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:A6o+8ckgAyVGC2a8KmvPvFRcYc5L8eJcnvkmXXXoQZB16mk:845W9rDMMZz6mk
                                                                                                                                                                                                  MD5:7913D58432695A0DD61EE6B472FBDE99
                                                                                                                                                                                                  SHA1:2F29F0B689539C03F16C1DB7DEBD216F8D71A110
                                                                                                                                                                                                  SHA-256:789E08420078F7EAFBE22A28CD657313829E52F9A5133FD20D894A0AADFC0CD1
                                                                                                                                                                                                  SHA-512:ECD2D61ED30F455746E7A70D719C9A10C85C861753BBBF9E478F6B5C6790465B1BE6951594222C5B5F5F7471E0A54EFEC8F66247F817E7AD97BB4E5839CC4326
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1216
                                                                                                                                                                                                  Entropy (8bit):5.106045047702254
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:YdHH78PBpn+6PeA4jX2YMfleqL2IbRpY37v1tZNcPyrzHu69eH:YdHH78PBAfjXLme9Aw3DZuyrzsH
                                                                                                                                                                                                  MD5:3C4C619F7BC3070FF2B21F4C1B932A1C
                                                                                                                                                                                                  SHA1:6604EF1FC1E5EDB1577A26A20197D1F52FE3B8BE
                                                                                                                                                                                                  SHA-256:5E2ADCC1F017905D13D9FD961856D94A51724C87F3547470D7B20C4CC9DCF7B3
                                                                                                                                                                                                  SHA-512:CA1D142390F8A8D02E0AEF13A01BB1310F97AF912F1D19E06DD927259B7B46681CAF2629A3E766CAC23FBB0DFE68E1F77C49F277527B6EC6F737D54D6DB18664
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"country":"US","features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"01979299c8cd,13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,3389f6c15eb9,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c25d6d8d2719:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,d4b5093b464f,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","remote-features-guid":"a2eb09b3-da4f-4837-933b-139333cf4305","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB3_DD_3661&utm_content=3661_2353&utm_id=a9532ceedba7472a89a73adb7027db85&utm_med
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39
                                                                                                                                                                                                  Entropy (8bit):3.830148693165749
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:mWaTtoKAtPNe:m3K/g
                                                                                                                                                                                                  MD5:FE7F046D773FC1DE764E1BE70614BF20
                                                                                                                                                                                                  SHA1:C2F16957953DEEB6DE1A12FA656AC84FCAA5B085
                                                                                                                                                                                                  SHA-256:3D87AD3D7001FBE5D65682BF1111A73C4A1BA68B34C604C6BDE77C5DD8ADCC8E
                                                                                                                                                                                                  SHA-512:405BC34A634007AF8159252D1E28AD3578BD6339C81B9DE97E022FD1420D0394488C09A36BD7E23BB38DF466AE2FA1B66420F97198DBD2099A161ABCDA121A03
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:resources/custom_partner_content.json..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):384
                                                                                                                                                                                                  Entropy (8bit):5.200828148768964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YSAILzPl3DBDmNYwD5YBxFAZWdHnOAb6Hah9LWIoSN8mNA4YBxcowHY:YSLrlNDmNY2SBxFAYHnz66mSN8mNAfBH
                                                                                                                                                                                                  MD5:00B5B7E50BA5783AEBEBA911567E83E7
                                                                                                                                                                                                  SHA1:6C0D9282B3811405982F560A697F3F3E3BAA7434
                                                                                                                                                                                                  SHA-256:A0000576CC90424458F2BBD10603FFAC52EC96E273678A25FE66973C9D8A3C1D
                                                                                                                                                                                                  SHA-512:F016144881A089FA5BB8623E786D70C7EFF2F1E95F2E07E34E4F61792DCBF2D708DD3796EC260660D30001B246FF7480688C3A2368002FB09D88783E8B4CB5AD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB3_DD_3661&utm_content=3661_2353&utm_id=a9532ceedba7472a89a73adb7027db85&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB3_DD_3661%26utm_id=a9532ceedba7472a89a73adb7027db85%26utm_content=3661_2353"}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1216
                                                                                                                                                                                                  Entropy (8bit):5.106045047702254
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:YdHH78PBpn+6PeA4jX2YMfleqL2IbRpY37v1tZNcPyrzHu69eH:YdHH78PBAfjXLme9Aw3DZuyrzsH
                                                                                                                                                                                                  MD5:3C4C619F7BC3070FF2B21F4C1B932A1C
                                                                                                                                                                                                  SHA1:6604EF1FC1E5EDB1577A26A20197D1F52FE3B8BE
                                                                                                                                                                                                  SHA-256:5E2ADCC1F017905D13D9FD961856D94A51724C87F3547470D7B20C4CC9DCF7B3
                                                                                                                                                                                                  SHA-512:CA1D142390F8A8D02E0AEF13A01BB1310F97AF912F1D19E06DD927259B7B46681CAF2629A3E766CAC23FBB0DFE68E1F77C49F277527B6EC6F737D54D6DB18664
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"country":"US","features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"01979299c8cd,13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,3389f6c15eb9,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c25d6d8d2719:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,d4b5093b464f,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","remote-features-guid":"a2eb09b3-da4f-4837-933b-139333cf4305","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB3_DD_3661&utm_content=3661_2353&utm_id=a9532ceedba7472a89a73adb7027db85&utm_med
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):384
                                                                                                                                                                                                  Entropy (8bit):5.200828148768964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YSAILzPl3DBDmNYwD5YBxFAZWdHnOAb6Hah9LWIoSN8mNA4YBxcowHY:YSLrlNDmNY2SBxFAYHnz66mSN8mNAfBH
                                                                                                                                                                                                  MD5:00B5B7E50BA5783AEBEBA911567E83E7
                                                                                                                                                                                                  SHA1:6C0D9282B3811405982F560A697F3F3E3BAA7434
                                                                                                                                                                                                  SHA-256:A0000576CC90424458F2BBD10603FFAC52EC96E273678A25FE66973C9D8A3C1D
                                                                                                                                                                                                  SHA-512:F016144881A089FA5BB8623E786D70C7EFF2F1E95F2E07E34E4F61792DCBF2D708DD3796EC260660D30001B246FF7480688C3A2368002FB09D88783E8B4CB5AD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB3_DD_3661&utm_content=3661_2353&utm_id=a9532ceedba7472a89a73adb7027db85&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_US_PB3_DD_3661%26utm_id=a9532ceedba7472a89a73adb7027db85%26utm_content=3661_2353"}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):142198520
                                                                                                                                                                                                  Entropy (8bit):7.999995421447281
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:3145728:4PPyb5NN6TkxOYod/OocWSqlsw6I3iYwiA1+ulOYZ:gP4Z0/jl0vVB+usg
                                                                                                                                                                                                  MD5:E5C66BC2A10855CB4164EEF86F92FB0D
                                                                                                                                                                                                  SHA1:9453AA10DE00E311EE3415D1C07F1990FE6FB491
                                                                                                                                                                                                  SHA-256:FD238E7993A9800F8B9D5C0C0F4FB90E624823BC4A085F658F9544296A4A967D
                                                                                                                                                                                                  SHA-512:CFE5614CD7FBA269DC89A69240382B42649AA45449266447EC29E95A01C69D898F317AD75E07651BD75AB7FCF42C1E6E1731457F91A51397810744D95F1F96B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                  MD5:99914B932BD37A50B983C5E7C90AE93B
                                                                                                                                                                                                  SHA1:BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
                                                                                                                                                                                                  SHA-256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
                                                                                                                                                                                                  SHA-512:27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:idUTvr+x0E4H3CAHkd0OhPVVUCs4dxemFiG7V76d5vQVUCaxU:iKTHhySkuz/G65v1y
                                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:// DUwgkzpRs2UBZDQI77+cT3P6rFCB1A0dTs323s0P8VwKPNxJg7UC76QDbcCRMySUWu6oS1yzTCguRlUYTcidqpeZdtHOL09/z+luPzIHHqB/vQ9rnmKvNPJpGrBJkKfytTOuw9v8frDeZaeH6r4iB1b3IcxXDVBG/cZiVMvhj0/b9SbAbkgN94GUrDjIArHEo49eBMFcYKuLFjOUmbiRuESFn3Rlx1SFNsPk2GEohrRvsb3Fzh9UH6hwKFUEBxwUWIGMtPpf2rIDmUxAEUigjvrWMiGoDk4x5FdM+p5livY9OVeyVGtcfDm8zZJ3psJ6Uz8cqK1ZhYsebZFUup9rZA==.{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (904), with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):904
                                                                                                                                                                                                  Entropy (8bit):5.530753116103
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n2iq0sNQsB/GUjFo8FlEfNHPOr5FlvA4jt:NqlJGURtF6HPSFu45
                                                                                                                                                                                                  MD5:D8690D3C9D3B6CCE92753AA3F076BE93
                                                                                                                                                                                                  SHA1:E890A27B79AF20966480103FA2DCEC406F250B2E
                                                                                                                                                                                                  SHA-256:72D36AAB080ACF83877A38E99309E35AFA8659C5A9D0966A8F0939783F0ECAD6
                                                                                                                                                                                                  SHA-512:262B29AA027222DCC648E8164C4D25D6E97A76B5624B60141E4871997B4FF49F3AB6DE63F874B42B0E8C2E403577F46E768ED90CEA6406A57252030A68FE1EA1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3581608
                                                                                                                                                                                                  Entropy (8bit):7.773137148819644
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:JXNMGeiRvKLzPXB8upFO39fYFLkVRHCoyXw2xDx0TJO:JdF9KJGvtQp
                                                                                                                                                                                                  MD5:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  SHA1:BDB3A6C22687FD882BB45564FE1B4A149CD15EF4
                                                                                                                                                                                                  SHA-256:AED161141E35ADBE2EEC4B14D7A52885A5AFA7E34E8DD6A7B027F024DC35A27C
                                                                                                                                                                                                  SHA-512:CF098712D76236B68529B0457F49C04CBF54E6729B52A6F7A9CDB2E677E72485865EA24E5B995B85EA2AA3D2E421347CC3564073B052AF6C0EA8699E2B574CDD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1833)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9922
                                                                                                                                                                                                  Entropy (8bit):5.793120646047773
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:CDce7ds/AZOlRtTY+atXF0bMGiIsT3HMSskFY:CDce7ds/AZWRt0+a53RgDd
                                                                                                                                                                                                  MD5:932B297ED537180BE966C8217E700113
                                                                                                                                                                                                  SHA1:2B672F460E444C3A45FA323287F6CD6B9D076A41
                                                                                                                                                                                                  SHA-256:1899A793033C6CF1179C3971BF04D93CE9C5AD25BCD8300F9D8AD7025079F028
                                                                                                                                                                                                  SHA-512:62DF382E29A8CC11069B191A4CBD4A6D5EE162A9A35D8B6FFB6D1C78B9C12421411CB3C4106AFCBF3BF8758F3786B93B036519ECCBC3AAF7FBD20BA9298256FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:[0330/173821.486:INFO:installer_main.cc(453)] Opera GX installer starting - version 107.0.5045.79 Stable.[0330/173821.486:INFO:installer_main.cc(456)] Command line: "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --silent --allusers=0.[0330/173821.486:INFO:installer_main.cc(478)] Uninstall:0.[0330/173821.486:INFO:installer_main.cc(479)] Silent:1.[0330/173821.486:INFO:installer_main.cc(480)] Run Immediately0.[0330/173821.486:INFO:installer_main.cc(482)] Backend0.[0330/173821.486:INFO:installer_main.cc(483)] Inside package0.[0330/173821.486:INFO:installer_main.cc(484)] Autoupdate:0.[0330/173821.486:INFO:payload_manager_impl.cc(97)] Reading Payload.[0330/173821.486:INFO:installer_main.cc(610)] Tracking data: MzA5OTJjZmI3MjE5YzAyNjdjMjZjNzZjYTY5YzViZWVlMjBhNTVkMGQ1NTNjYTM4M2M3ZTE3NGU0ODJkY2U5Zjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1842)
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):6277
                                                                                                                                                                                                  Entropy (8bit):5.836431978713328
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:aMGlsaJGgtwSQa0ktlJGgtJpH5EuMG55saJGgtwSibX:aMGiIsXa0ktTH+uMG5WIsJbX
                                                                                                                                                                                                  MD5:870622460BE8DAC8CEF12EC43CEB5B4B
                                                                                                                                                                                                  SHA1:46CC470CF641C7B334D2C3671F695D2FFBFB918C
                                                                                                                                                                                                  SHA-256:6D272523C1AEC608958399D6FA523933E2B16AFEC86B82A5CC09F662100B3F1C
                                                                                                                                                                                                  SHA-512:ABFA9FE4DE8003EF24FDE21364FF82CAC8A4AC61764CB3C5A74CB07EE5CC259B23B99CD0BCCA19B22376D69D4E67F9114716883E0D90CC2536F982334F2CB911
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:[0330/173822.509:INFO:installer_main.cc(453)] Opera GX installer starting - version 107.0.5045.79 Stable.[0330/173822.509:INFO:installer_main.cc(456)] Command line: "C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6968 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240330173821" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=MzQwYjFlY2Q3YzUwMzljOWRhMzc4ZWY2NDVlZTkxNGE5MzY0ODhiMmM5YmFiMDE5ZTk1N2JhOTU2NTJhM2RiNzp7
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1787)
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):4260
                                                                                                                                                                                                  Entropy (8bit):5.704799609011243
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:bVb7FnVb7cA6QM78XKSLh5s3qlJGURtF6HPSFu49IVbbf3FFVbJVbGPVbxVbxVb8:brrMG55saJGgtwSsa+DJjsViIg/
                                                                                                                                                                                                  MD5:52AB8B843641B540F7B0AB85E6565199
                                                                                                                                                                                                  SHA1:1FC48C1EF1FCB160E3161FBAE3FAB17DE85B0225
                                                                                                                                                                                                  SHA-256:DDE86FE3B821444A14172414BF82C598EA4EBCDA16A85F62EB58901C69F8246D
                                                                                                                                                                                                  SHA-512:43C07EDB207D577719C2B43AD6C1E4048E641D6C1AD4D23B09CF835D7A69C412C84DA35A32CB8DFC74E089487804337CE48127C8386B1B50F4D0FC039E3A8ED0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:[0330/173926.631:INFO:installer_main.cc(453)] Opera GX installer starting - version 107.0.5045.79 Stable.[0330/173926.631:INFO:installer_main.cc(456)] Command line: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=6968 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=MzQwYjFlY2Q3YzUwMzljOWRhMzc4ZWY2NDVlZTkxNGE5MzY0ODhiMmM5YmFiMDE5ZTk1N2JhOTU
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5449120
                                                                                                                                                                                                  Entropy (8bit):7.051332014531774
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:56666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwQ:Ye+76Dd2m77qcyc9dAuD478Rq8axOXQV
                                                                                                                                                                                                  MD5:94757651CFE527B6F6CBEC4F4BDE22C4
                                                                                                                                                                                                  SHA1:7F75055C0A9896227CDB4C9D7E6BE1F229C39E2E
                                                                                                                                                                                                  SHA-256:8813082DE86313292687DC69DEC6D598E705E360AB6165F66AF5B57EAF592D46
                                                                                                                                                                                                  SHA-512:787A91C02A621D5867F4BF0F455052BFAF6398FF368E8CA3E6A751E17745479EBD41F9076C4DC467CF3A78CA277E1359948847B35C78DAB53B1C907A89EED378
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5449120
                                                                                                                                                                                                  Entropy (8bit):7.051332014531774
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:56666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwQ:Ye+76Dd2m77qcyc9dAuD478Rq8axOXQV
                                                                                                                                                                                                  MD5:94757651CFE527B6F6CBEC4F4BDE22C4
                                                                                                                                                                                                  SHA1:7F75055C0A9896227CDB4C9D7E6BE1F229C39E2E
                                                                                                                                                                                                  SHA-256:8813082DE86313292687DC69DEC6D598E705E360AB6165F66AF5B57EAF592D46
                                                                                                                                                                                                  SHA-512:787A91C02A621D5867F4BF0F455052BFAF6398FF368E8CA3E6A751E17745479EBD41F9076C4DC467CF3A78CA277E1359948847B35C78DAB53B1C907A89EED378
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5449120
                                                                                                                                                                                                  Entropy (8bit):7.051332014531774
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:56666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwQ:Ye+76Dd2m77qcyc9dAuD478Rq8axOXQV
                                                                                                                                                                                                  MD5:94757651CFE527B6F6CBEC4F4BDE22C4
                                                                                                                                                                                                  SHA1:7F75055C0A9896227CDB4C9D7E6BE1F229C39E2E
                                                                                                                                                                                                  SHA-256:8813082DE86313292687DC69DEC6D598E705E360AB6165F66AF5B57EAF592D46
                                                                                                                                                                                                  SHA-512:787A91C02A621D5867F4BF0F455052BFAF6398FF368E8CA3E6A751E17745479EBD41F9076C4DC467CF3A78CA277E1359948847B35C78DAB53B1C907A89EED378
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......f.........."!......3..8.......&.......................................T.......S...@A........................r.;.m....;...... >...............R..)....S......a;......................`;.......3...............;.4.....;.`....................text...8.3.......3................. ..`.rdata...=....3..>....3.............@..@.data.........<..@....;.............@....00cfg........=......><.............@..@.rodata.......=......@<............. ..`.tls....Y.....=......B<.............@...CPADinfo0.....>......D<.............@...malloc_h......>......F<............. ..`.rsrc........ >......H<.............@..@.reloc........S......8Q.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6319520
                                                                                                                                                                                                  Entropy (8bit):6.820027329259605
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:nAPKjSg2H+lL+uSZc2Ha+H3vRzV8SkLXlmRwKeS2JCpWdZRAmRfH/PFaR1lokrHG:HoHR/dVh6txfG1loZO4FSrn2vTjf
                                                                                                                                                                                                  MD5:498675CDC1070D2C8A90439866FC7D4E
                                                                                                                                                                                                  SHA1:A2B14A03B723866E233334420EC2E040B5A8F62B
                                                                                                                                                                                                  SHA-256:B471E7FF5A1E2F288ED640C99627063CE43994D4FBCE6386ADD5276B94E9CF04
                                                                                                                                                                                                  SHA-512:3A9A0827E29B48EB9C3283FC92E7C8E6585F5BBFA83E51D1FFB703356F8BDCA6A49E9094D94D7EDC7FA23F0B2FA0D849A40536C1EAE95D925F17780B3C7D760D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." .....d>...!..... u........................................b......`...`A..........................................F.m.....F......PM.......J......D`..)...@b.|7..L.F.8................... .F.(...0.>.@...........p.G.x.....F.`....................text....b>......d>................. ..`.rdata........>......h>.............@..@.data...8....0H.......H.............@....pdata........J.......I.............@..@.00cfg..0.....L.......J.............@..@.gxfg....4....L..4....J.............@..@.retplne......L.......J..................rodata.......L.......J............. ..`.tls....).....L.......K.............@...CPADinfo@.....M.......K.............@...LZMADEC.......M.......K............. ..`_RDATA..\....0M.......K.............@..@malloc_h.....@M.......K............. ..`.rsrc........PM.......K.............@..@.reloc..|7...@b..8....`.............@..B................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):244
                                                                                                                                                                                                  Entropy (8bit):5.040368881702625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:qWWRSNeZElZOXb1h5il2iqOXFpd1i4P923fIvEWXFxSC60UzilaWLDlZOXLQOn:kROe6POXbMVTXF6kEWXFx2kLPOXfn
                                                                                                                                                                                                  MD5:3B740B6F7781AF46E4A9468C10214FF2
                                                                                                                                                                                                  SHA1:01F697F0BCC30949B2997D377EBC7E61A42545B9
                                                                                                                                                                                                  SHA-256:8F3A81B5AD0C76A56275A4A8266DD4F2C19A049D0702B6F1B4A6C76B5CF06391
                                                                                                                                                                                                  SHA-512:9F07F988A1A60C0742FF4D612E1C370393C62857D6B790A3D7EE58F7C7620245F35385E1CE95E382F438E60A86F07F2621DC2161E3DD60CC04348E78A0E3152D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:[0330/173850.978:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --version.
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\winrar-x64-620b2.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3014144
                                                                                                                                                                                                  Entropy (8bit):6.393834693952719
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:fLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvu:dwSi0b67zeCzt0+yO3kS
                                                                                                                                                                                                  MD5:FD9446F7F5062FF6D90110D83B5814C2
                                                                                                                                                                                                  SHA1:4646C235ECA2DDFE562FFA200F0E91613F930CD1
                                                                                                                                                                                                  SHA-256:005CB3823E24C9B68A2FD09B8CDBADB94BB2F25B34F877F43BAAC98594CD405C
                                                                                                                                                                                                  SHA-512:8AFCD0D439125E897F024E0D8B271A13194D85F31BB32541F6609403A73AF34AF0A3CB6AEC2AA8E7DD91373720C86A7E51502D4EAEEEBD1E6B832ABE2ACE18BB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@.......................................@......@....................-......`-.49....-.......................................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@......................-.............@..@........................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6144
                                                                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11392308
                                                                                                                                                                                                  Entropy (8bit):7.999797119880014
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:196608:0k9ZAzo3LKL4vtfzbt0mGBXzvOcEGLcpeuiJCiKIUPt0qXqmEKBHyPo068uzl:0k3N3mL4vtfV0mUjRkiJEPtWJyQ168ux
                                                                                                                                                                                                  MD5:3287172FF65AD8CDEEC8FDEC30F8D393
                                                                                                                                                                                                  SHA1:FC96721EBC8D63934A0D5ABB69A00A7E2C4EE662
                                                                                                                                                                                                  SHA-256:3A8A64D29F9EEAAFA1BA0522F8D795652630FD404E6B51B7CF6CEC8AF0D5EEA6
                                                                                                                                                                                                  SHA-512:DB4FF0A0E23C57D9C41C2D8DA033F37CD397307F86E2333685DD164C1E48E3E16CDC930D08EB0D8C893E7E3092334D5A6C77E752E79F5FE307BA2092445F83CD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s.......`...?...........................................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata... ...@...........................rsrc....?...`...@...v..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):110
                                                                                                                                                                                                  Entropy (8bit):5.152735200996368
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:N89LLe2ViVoC+1p9XNeOWRVonVu:2tigTXfWgVu
                                                                                                                                                                                                  MD5:226B659C62363CD593D6E1C26B79FDC6
                                                                                                                                                                                                  SHA1:A50CFA857EAE9C68AB6BF9B588C1F0D63033BEF1
                                                                                                                                                                                                  SHA-256:B069460BBA8D3644D93F5C58C47015AECACB6633CB7B620E48DDF1F8DD16AC76
                                                                                                                                                                                                  SHA-512:6EA66E0A727CCCB8C9DB5BD56EAD3C8ED0F9CBAB9DE40D8E21E685DD65F6AB3209CD2B214A50088408A5F8BE191E7DC8C4EB0BD495D4C49C3A416CD949A86C8D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:https://maskreason.xyz/pe/build.php?pe=1&sub=&source=2268&s1=46134022&title=UmVhbCBGaWxlcw%3D%3D&ti=1711816678
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7115654
                                                                                                                                                                                                  Entropy (8bit):7.9999517794607025
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:98304:ETH8zGHwjDl8K4c7ve4XmmWXp2yyo1h3RTH8zrHwjDl8K4c7ve4XmmWXp2yr:eGpJ8Kz72bL218dGAJ8Kz72bL26
                                                                                                                                                                                                  MD5:3B23A82A2A5C3556CD40FF77CE6B911D
                                                                                                                                                                                                  SHA1:B6E9D03B674238A0913CD078B5C5D1A43B1B4E2E
                                                                                                                                                                                                  SHA-256:315DFD2C050723E600F276CF0C76B327C1E928451A85888E409C3C0E29F5AF27
                                                                                                                                                                                                  SHA-512:7FD168354F85EBBE9B6B5BBA4A284454E7961FA74FC3C3F178E3389E244A32C6868AE0686D0444867AAD1676D2839A2C3AAB25DAA292CC1E23E40F52B28B7827
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11392308
                                                                                                                                                                                                  Entropy (8bit):7.999797119880014
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:196608:0k9ZAzo3LKL4vtfzbt0mGBXzvOcEGLcpeuiJCiKIUPt0qXqmEKBHyPo068uzl:0k3N3mL4vtfV0mUjRkiJEPtWJyQ168ux
                                                                                                                                                                                                  MD5:3287172FF65AD8CDEEC8FDEC30F8D393
                                                                                                                                                                                                  SHA1:FC96721EBC8D63934A0D5ABB69A00A7E2C4EE662
                                                                                                                                                                                                  SHA-256:3A8A64D29F9EEAAFA1BA0522F8D795652630FD404E6B51B7CF6CEC8AF0D5EEA6
                                                                                                                                                                                                  SHA-512:DB4FF0A0E23C57D9C41C2D8DA033F37CD397307F86E2333685DD164C1E48E3E16CDC930D08EB0D8C893E7E3092334D5A6C77E752E79F5FE307BA2092445F83CD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):110
                                                                                                                                                                                                  Entropy (8bit):5.152735200996368
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:N89LLe2ViVoC+1p9XNeOWRVonVu:2tigTXfWgVu
                                                                                                                                                                                                  MD5:226B659C62363CD593D6E1C26B79FDC6
                                                                                                                                                                                                  SHA1:A50CFA857EAE9C68AB6BF9B588C1F0D63033BEF1
                                                                                                                                                                                                  SHA-256:B069460BBA8D3644D93F5C58C47015AECACB6633CB7B620E48DDF1F8DD16AC76
                                                                                                                                                                                                  SHA-512:6EA66E0A727CCCB8C9DB5BD56EAD3C8ED0F9CBAB9DE40D8E21E685DD65F6AB3209CD2B214A50088408A5F8BE191E7DC8C4EB0BD495D4C49C3A416CD949A86C8D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:https://maskreason.xyz/pe/build.php?pe=1&sub=&source=2268&s1=46134022&title=UmVhbCBGaWxlcw%3D%3D&ti=1711816678
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7115654
                                                                                                                                                                                                  Entropy (8bit):7.9999517794607025
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:98304:ETH8zGHwjDl8K4c7ve4XmmWXp2yyo1h3RTH8zrHwjDl8K4c7ve4XmmWXp2yr:eGpJ8Kz72bL218dGAJ8Kz72bL26
                                                                                                                                                                                                  MD5:3B23A82A2A5C3556CD40FF77CE6B911D
                                                                                                                                                                                                  SHA1:B6E9D03B674238A0913CD078B5C5D1A43B1B4E2E
                                                                                                                                                                                                  SHA-256:315DFD2C050723E600F276CF0C76B327C1E928451A85888E409C3C0E29F5AF27
                                                                                                                                                                                                  SHA-512:7FD168354F85EBBE9B6B5BBA4A284454E7961FA74FC3C3F178E3389E244A32C6868AE0686D0444867AAD1676D2839A2C3AAB25DAA292CC1E23E40F52B28B7827
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11392308
                                                                                                                                                                                                  Entropy (8bit):7.999797119880014
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:196608:0k9ZAzo3LKL4vtfzbt0mGBXzvOcEGLcpeuiJCiKIUPt0qXqmEKBHyPo068uzl:0k3N3mL4vtfV0mUjRkiJEPtWJyQ168ux
                                                                                                                                                                                                  MD5:3287172FF65AD8CDEEC8FDEC30F8D393
                                                                                                                                                                                                  SHA1:FC96721EBC8D63934A0D5ABB69A00A7E2C4EE662
                                                                                                                                                                                                  SHA-256:3A8A64D29F9EEAAFA1BA0522F8D795652630FD404E6B51B7CF6CEC8AF0D5EEA6
                                                                                                                                                                                                  SHA-512:DB4FF0A0E23C57D9C41C2D8DA033F37CD397307F86E2333685DD164C1E48E3E16CDC930D08EB0D8C893E7E3092334D5A6C77E752E79F5FE307BA2092445F83CD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11372961
                                                                                                                                                                                                  Entropy (8bit):7.996679716890381
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:196608:sYq5pjxAwA/THcNwTAlAWzN+PpC6UQJlU/rnsfx+KNZeYez8aQHD2peix:sTtxAwAb8NwT1I+Z7inI+sZh/HKpR
                                                                                                                                                                                                  MD5:73628026F53E78FD42179E6FEB2A5048
                                                                                                                                                                                                  SHA1:45BF7103209E13FD20B8C18D1E25BE1AA0692DE9
                                                                                                                                                                                                  SHA-256:65243D6E07DECFBE5BA1E48ABF1C8EAE742BB4410359D707EF4A108574A5B8DA
                                                                                                                                                                                                  SHA-512:10ADD17F521DB4260D55DF68C6889811F7EFC3E4783A6E1EA317B23B3390139FF229CE0BA20D06606EF089DF8194AFBB44D2F309DBB7AFF935AE43358BB6D474
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23040
                                                                                                                                                                                                  Entropy (8bit):5.540206398655926
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:PWc7V9H6MVsnCPFN4DC5/kdhdj/ouVj19L0d10Ac9khYLMkIX0+GbyeEaI2sJ:PWqTH/V7tHSWutp
                                                                                                                                                                                                  MD5:CAB75D596ADF6BAC4BA6A8374DD71DE9
                                                                                                                                                                                                  SHA1:FB90D4F13331D0C9275FA815937A4FF22EAD6FA3
                                                                                                                                                                                                  SHA-256:89E24E4124B607F3F98E4DF508C4DDD2701D8F7FCF1DC6E2ABA11D56C97C0C5A
                                                                                                                                                                                                  SHA-512:510786599289C8793526969CFE0A96E049436D40809C1C351642B2C67D5FB2394CB20887010727A5DA35C52A20C5557AD940967053B1B59AD91CA1307208C391
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3581608
                                                                                                                                                                                                  Entropy (8bit):7.773137148819644
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:JXNMGeiRvKLzPXB8upFO39fYFLkVRHCoyXw2xDx0TJO:JdF9KJGvtQp
                                                                                                                                                                                                  MD5:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  SHA1:BDB3A6C22687FD882BB45564FE1B4A149CD15EF4
                                                                                                                                                                                                  SHA-256:AED161141E35ADBE2EEC4B14D7A52885A5AFA7E34E8DD6A7B027F024DC35A27C
                                                                                                                                                                                                  SHA-512:CF098712D76236B68529B0457F49C04CBF54E6729B52A6F7A9CDB2E677E72485865EA24E5B995B85EA2AA3D2E421347CC3564073B052AF6C0EA8699E2B574CDD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11236231
                                                                                                                                                                                                  Entropy (8bit):7.970570426981133
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:196608:dVcJuXNZg7RBXOo1VJIybXk6nOf077Ogvd3TaMwg2GRw8R+F/LP6Wtt5o9o:XHzUR9j1X7U6nOfQOAzwg2GRw8cZCW5R
                                                                                                                                                                                                  MD5:F54F246DAEF8BF03B0808A9FE12ACBCD
                                                                                                                                                                                                  SHA1:D6F8DB675F87164977E5B6911D7FABE040226ECB
                                                                                                                                                                                                  SHA-256:4AF5BD80FE270C862FCCDD5C13ACADD7B95C7631191C551705DC2BB4CEBD4278
                                                                                                                                                                                                  SHA-512:EC60E3688F8BD4FAAE3013D9C0CD86EADA2A4CFADAD509B4BB7D3515B3541618E72D4EC469A769A3688FD7DE6B67DC3C43FECAAE4CBA09AC16BC5E53A0D4689D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Mar 30 15:39:26 2024, mtime=Sat Mar 30 15:39:26 2024, atime=Wed Mar 27 07:51:27 2024, length=2304416, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1435
                                                                                                                                                                                                  Entropy (8bit):4.926474739168592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8m0bHfOAp8D+Qh85ReRCMNYLKW/k8AyPmJGmIA4Zrqy6EZWNEyogm:8m0bHuDBe5ReRCMNYeW/AyPmJGmzy6EI
                                                                                                                                                                                                  MD5:5C13349CA0DA561D14500DE0A0C88A1B
                                                                                                                                                                                                  SHA1:A6613B906BB9A0DE4630933DB99F37A7A8D2F0FB
                                                                                                                                                                                                  SHA-256:9FD657AB061820E37003A3A27FF5150F4764D23FD8D7866E45DBA58B8B9591FA
                                                                                                                                                                                                  SHA-512:3976DD52766121D2E5CA586528F5584056F58629B70E6704C4DA9C62000645903727AFF2830BD15D4A7C9BA84092147DC8A8C625E6BC4704E650348C17517952
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:L..................F.... .....T.......T.....$.:.#....)#.....................(.:..DG..Yr?.D..U..k0.&...&...... M.....M.(.....K.e.........t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl~X......B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....~X....Local.<......DWSl~X......V..................... ..L.o.c.a.l.....Z.1.....~X...Programs..B......~X..~X............................}..P.r.o.g.r.a.m.s.....Z.1.....~X...OPERAG~1..B......~X.~X...........................7...O.p.e.r.a. .G.X.....f.2..)#.{XnF .launcher.exe..J......~X.~X.....gC.....................8..l.a.u.n.c.h.e.r...e.x.e.......k...............-.......j..........._.R......C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe..*.....\.....\.....\.....\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.\.l.a.u.n.c.h.e.r...e.x.e./.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.............:...........|....I.J.H..K..:...`.......X.......347688...........hT..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Mar 30 15:39:26 2024, mtime=Sat Mar 30 15:39:26 2024, atime=Wed Mar 27 07:51:27 2024, length=2304416, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1435
                                                                                                                                                                                                  Entropy (8bit):4.926474739168592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8m0bHfOAp8D+Qh85ReRCMNYLKW/k8AyPmJGmIA4Zrqy6EZWNEyogm:8m0bHuDBe5ReRCMNYeW/AyPmJGmzy6EI
                                                                                                                                                                                                  MD5:5C13349CA0DA561D14500DE0A0C88A1B
                                                                                                                                                                                                  SHA1:A6613B906BB9A0DE4630933DB99F37A7A8D2F0FB
                                                                                                                                                                                                  SHA-256:9FD657AB061820E37003A3A27FF5150F4764D23FD8D7866E45DBA58B8B9591FA
                                                                                                                                                                                                  SHA-512:3976DD52766121D2E5CA586528F5584056F58629B70E6704C4DA9C62000645903727AFF2830BD15D4A7C9BA84092147DC8A8C625E6BC4704E650348C17517952
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:L..................F.... .....T.......T.....$.:.#....)#.....................(.:..DG..Yr?.D..U..k0.&...&...... M.....M.(.....K.e.........t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl~X......B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....~X....Local.<......DWSl~X......V..................... ..L.o.c.a.l.....Z.1.....~X...Programs..B......~X..~X............................}..P.r.o.g.r.a.m.s.....Z.1.....~X...OPERAG~1..B......~X.~X...........................7...O.p.e.r.a. .G.X.....f.2..)#.{XnF .launcher.exe..J......~X.~X.....gC.....................8..l.a.u.n.c.h.e.r...e.x.e.......k...............-.......j..........._.R......C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe..*.....\.....\.....\.....\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.\.l.a.u.n.c.h.e.r...e.x.e./.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.............:...........|....I.J.H..K..:...`.......X.......347688...........hT..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                  Entropy (8bit):3.44546184423832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:FkU8fMsYs:yMns
                                                                                                                                                                                                  MD5:CB699D3A3821C3F242F4CDCC937DCB73
                                                                                                                                                                                                  SHA1:87043185A51BCDE147B654787463DADCF8B53D0F
                                                                                                                                                                                                  SHA-256:C10DE9E64730518A4CCD24C926310A3909284175D2FF9D08E1210D72144D640E
                                                                                                                                                                                                  SHA-512:23DD3B9EBA08A01A1873DED76B7F78A4F9827FBF0B26D0C75150EF4B4BFE9229E0A6D9A7117E4B4362E897A5D865DF6B872D2CB9BF08929B40E64C6F4272AB4A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Mar 30 15:39:26 2024, mtime=Sat Mar 30 15:39:26 2024, atime=Wed Mar 27 07:51:27 2024, length=2304416, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1435
                                                                                                                                                                                                  Entropy (8bit):4.926474739168592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8m0bHfOAp8D+Qh85ReRCMNYLKW/k8AyPmJGmIA4Zrqy6EZWNEyogm:8m0bHuDBe5ReRCMNYeW/AyPmJGmzy6EI
                                                                                                                                                                                                  MD5:5C13349CA0DA561D14500DE0A0C88A1B
                                                                                                                                                                                                  SHA1:A6613B906BB9A0DE4630933DB99F37A7A8D2F0FB
                                                                                                                                                                                                  SHA-256:9FD657AB061820E37003A3A27FF5150F4764D23FD8D7866E45DBA58B8B9591FA
                                                                                                                                                                                                  SHA-512:3976DD52766121D2E5CA586528F5584056F58629B70E6704C4DA9C62000645903727AFF2830BD15D4A7C9BA84092147DC8A8C625E6BC4704E650348C17517952
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11318936
                                                                                                                                                                                                  Entropy (8bit):7.9978182614168265
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:196608:UYq5pjxAwA/THcNwTAlAWzN+PpC6UQJlU/rnsfx+KNZeYez8aQHD2peix:UTtxAwAb8NwT1I+Z7inI+sZh/HKpR
                                                                                                                                                                                                  MD5:D82CD880F4AB8A8E574C1CC049C99304
                                                                                                                                                                                                  SHA1:390579E601945CBBD122DC1AEFBA1B94E1EFEE2C
                                                                                                                                                                                                  SHA-256:E3F599DDFDDD248D8C94DD88297B69166860C722B9A2B1E6FDC40C34FF367AB0
                                                                                                                                                                                                  SHA-512:18C2481255B237C3C73D8B0105BA32A41659FCF3C85F5174EA8F6808DDE11FE057591513F4A3ADD2667F6D461ECD9A66C14E5BAA2FDEF87C6CFEC817606D4B66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4552
                                                                                                                                                                                                  Entropy (8bit):3.9132475548573042
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:AVJ5DoVhA+pZk9kME/ESEREEE7E+EdEgEHEaEZEMEjEmElEIEvECE5VFFuPKsKTY:l3glJK
                                                                                                                                                                                                  MD5:83315AEA5E22DD8EF109BA5AE78D9B1E
                                                                                                                                                                                                  SHA1:2D87AD11A43C47C45CFB1C5DA6714CE28D6D23C4
                                                                                                                                                                                                  SHA-256:C6D97377DA2BAFDF1923E2390B49819D5E6CC16853229D3DA8FC912BC8A1FD93
                                                                                                                                                                                                  SHA-512:39EC12E46E5678EEBD0C00D24654870C1DC0E3ED6DA7880437CDEA39FB0810C8C07EF95D973E3CA1152C1165138531AFD483F88E44A1A1B52D3459C338CBD757
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:........:Installer message:..... .......:Installer message:......... .......:Installer message:.....%...8.......:Installer message:.........verify_package_contents.H.......:Installer message:.........verify_package_contents.................P.......:Installer message:...../...copy_file:resources/custom_partner_content.json.`.......:Installer message:...../...copy_file:resources/custom_partner_content.json.................0.......:Installer message:.........delete_file_step@.......:Installer message:.........delete_file_step................0.......:Installer message:.........delete_file_step@.......:Installer message:.........delete_file_step................,.......:Installer message:.........move_file...<.......:Installer message:.........move_file...................,.......:Installer message:.........move_file...<.......:Installer message:.........move_file...................,.......:Installer message:.........move_file...<.......:Installer message:.........move_file...................
                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Entropy (8bit):7.964345185507732
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                  • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                  • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                  • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                  File name:winrar-x64-620b2.exe
                                                                                                                                                                                                  File size:8'703'255 bytes
                                                                                                                                                                                                  MD5:efa2c65ab75028a909740e99763d1acb
                                                                                                                                                                                                  SHA1:688970c4b44da217a4312404303c312d33602b21
                                                                                                                                                                                                  SHA256:5c07ed55846b6418cdcb02ae6ef96c0448cc2fd457179d6072a051ecb0e15909
                                                                                                                                                                                                  SHA512:b8ded78c937add203bb73a78617dfe64dcccc18ea5076cf7e60db3e74ccac0166691b0447928c3f11628f4d9a62ad6d00662a3712c54ef6c847d76870e4b4ddb
                                                                                                                                                                                                  SSDEEP:196608:5GpJ8Kz72bL218dGAJ8Kz72bL21gJ6M8YYi:58xWbL2ed9xWbL268YYi
                                                                                                                                                                                                  TLSH:7C96233BB268A13EC16E5B3159B3D210983BBA65781B8C2F07F4095CCF6A4711F3BA55
                                                                                                                                                                                                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                  Entrypoint:0x4b5eec
                                                                                                                                                                                                  Entrypoint Section:.itext
                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                  Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                                                  Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                  add esp, FFFFFFA4h
                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                  push esi
                                                                                                                                                                                                  push edi
                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                  mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                  mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                  mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                  mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                  mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                  mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                  mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                  mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                  mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                  mov eax, 004B10F0h
                                                                                                                                                                                                  call 00007F6E38C71165h
                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  push 004B65E2h
                                                                                                                                                                                                  push dword ptr fs:[eax]
                                                                                                                                                                                                  mov dword ptr fs:[eax], esp
                                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  push 004B659Eh
                                                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                                                  mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                  call 00007F6E38D1388Fh
                                                                                                                                                                                                  call 00007F6E38D133E2h
                                                                                                                                                                                                  lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                  call 00007F6E38C86BD8h
                                                                                                                                                                                                  mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                  mov eax, 004C1D84h
                                                                                                                                                                                                  call 00007F6E38C6BD57h
                                                                                                                                                                                                  push 00000002h
                                                                                                                                                                                                  push 00000000h
                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                  mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                  mov dl, 01h
                                                                                                                                                                                                  mov eax, dword ptr [004237A4h]
                                                                                                                                                                                                  call 00007F6E38C87C3Fh
                                                                                                                                                                                                  mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  push 004B654Ah
                                                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                                                  call 00007F6E38D13917h
                                                                                                                                                                                                  mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                  mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                  cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                  jne 00007F6E38D19EFAh
                                                                                                                                                                                                  mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                  mov edx, 00000028h
                                                                                                                                                                                                  call 00007F6E38C88534h
                                                                                                                                                                                                  mov edx, dword ptr [004C1D90h]

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x4800 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0xb361c | 0xb3800 | ad6e46e3a3acdb533eb6a077f6d065af | False | 0.3448639341051532 | data | 6.356058204328091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0xb5000 | 0x1688 | 0x1800 | d40fc822339d01f2abcc5493ac101c94 | False | 0.544921875 | data | 5.972750055221053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0xb7000 | 0x37a4 | 0x3800 | 4c195d5591f6d61265df08a3733de3a2 | False | 0.36097935267857145 | data | 5.044400562007734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xc2000 | 0xf36 | 0x1000 | a73d686f1e8b9bb06ec767721135e397 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didata | 0xc3000 | 0x1a4 | 0x200 | 41b8ce23dd243d14beebc71771885c89 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .edata | 0xc4000 | 0x9a | 0x200 | 37c1a5c63717831863e018c0f51dabb7 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc7000 | 0x4800 | 0x4800 | dd17fa3ff0ffa82a47712cd7e1ea4a56 | False | 0.3147243923611111 | data | 4.413191973467279 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0xc74c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
| RT_ICON | 0xc75f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
| RT_ICON | 0xc7b58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
| RT_ICON | 0xc7e40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
| RT_STRING | 0xc86e8 | 0x360 | data | | | 0.34375 |
| RT_STRING | 0xc8a48 | 0x260 | data | | | 0.3256578947368421 |
| RT_STRING | 0xc8ca8 | 0x45c | data | | | 0.4068100358422939 |
| RT_STRING | 0xc9104 | 0x40c | data | | | 0.3754826254826255 |
| RT_STRING | 0xc9510 | 0x2d4 | data | | | 0.39226519337016574 |
| RT_STRING | 0xc97e4 | 0xb8 | data | | | 0.6467391304347826 |
| RT_STRING | 0xc989c | 0x9c | data | | | 0.6410256410256411 |
| RT_STRING | 0xc9938 | 0x374 | data | | | 0.4230769230769231 |
| RT_STRING | 0xc9cac | 0x398 | data | | | 0.3358695652173913 |
| RT_STRING | 0xca044 | 0x368 | data | | | 0.3795871559633027 |
| RT_STRING | 0xca3ac | 0x2a4 | data | | | 0.4275147928994083 |
| RT_RCDATA | 0xca650 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0xca660 | 0x2c4 | data | | | 0.6384180790960452 |
| RT_RCDATA | 0xca924 | 0x2c | data | | | 1.1818181818181819 |
| RT_GROUP_ICON | 0xca950 | 0x3e | data | English | United States | 0.8387096774193549 |
| RT_VERSION | 0xca990 | 0x584 | data | English | United States | 0.24929178470254956 |
| RT_MANIFEST | 0xcaf14 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4005464480874317 |

| DLL | Import |
| --- | --- |
| kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
| comctl32.dll | InitCommonControls |
| version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
| user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
| oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
| netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
| advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |

| Name | Ordinal | Address |
| --- | --- | --- |
| TMethodImplementationIntercept | 3 | 0x454060 |
| __dbk_fcall_wrapper | 2 | 0x40d0a0 |
| dbkFCallWrapperAddr | 1 | 0x4be63c |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| Dutch | Netherlands | |
| English | United States | |

                                                                                                                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.


                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:17:37:52
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\winrar-x64-620b2.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\winrar-x64-620b2.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:8'703'255 bytes
                                                                                                                                                                                                  MD5 hash:EFA2C65AB75028A909740E99763D1ACB
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                  Start time:17:37:52
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-LCQTO.tmp\winrar-x64-620b2.tmp" /SL5="$20456,7896458,780800,C:\Users\user\Desktop\winrar-x64-620b2.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:3'014'144 bytes
                                                                                                                                                                                                  MD5 hash:FD9446F7F5062FF6D90110D83B5814C2
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                  Start time:17:38:09
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:11'392'308 bytes
                                                                                                                                                                                                  MD5 hash:3287172FF65AD8CDEEC8FDEC30F8D393
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                  Start time:17:38:21
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --silent --allusers=0
                                                                                                                                                                                                  Imagebase:0x5a0000
                                                                                                                                                                                                  File size:3'581'608 bytes
                                                                                                                                                                                                  MD5 hash:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                  Start time:17:38:21
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c3a623c,0x6c3a6248,0x6c3a6254
                                                                                                                                                                                                  Imagebase:0x5a0000
                                                                                                                                                                                                  File size:3'581'608 bytes
                                                                                                                                                                                                  MD5 hash:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                  Start time:17:38:21
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe" --version
                                                                                                                                                                                                  Imagebase:0x7d0000
                                                                                                                                                                                                  File size:3'581'608 bytes
                                                                                                                                                                                                  MD5 hash:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                  Start time:17:38:21
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6968 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240330173821" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=MzQwYjFlY2Q3YzUwMzljOWRhMzc4ZWY2NDVlZTkxNGE5MzY0ODhiMmM5YmFiMDE5ZTk1N2JhOTU2NTJhM2RiNzp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCM19ERF8zNjYxJnV0bV9pZD1hOTUzMmNlZWRiYTc0NzJhODlhNzNhZGI3MDI3ZGI4NSZ1dG1fY29udGVudD0zNjYxXzIzNTMiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE4MTY2OTkuOTMyNiIsInVzZXJhZ2VudCI6Iklubm9Eb3dubG9hZFBsdWdpbi8xLjUiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEIzX0REXzM2NjEiLCJjb250ZW50IjoiMzY2MV8yMzUzIiwiaWQiOiJhOTUzMmNlZWRiYTc0NzJhODlhNzNhZGI3MDI3ZGI4NSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjFiNjA5MDQ5LTIxN2QtNDVkMy04ODZiLTM3N2E2MTY5YWJiZCJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0406000000000000
                                                                                                                                                                                                  Imagebase:0x5a0000
                                                                                                                                                                                                  File size:3'581'608 bytes
                                                                                                                                                                                                  MD5 hash:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                  Start time:17:38:22
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6b74623c,0x6b746248,0x6b746254
                                                                                                                                                                                                  Imagebase:0x5a0000
                                                                                                                                                                                                  File size:3'581'608 bytes
                                                                                                                                                                                                  MD5 hash:63BF5E3553D023DA35C365109C3AEDCF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                  Start time:17:38:50
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:1'499'104 bytes
                                                                                                                                                                                                  MD5 hash:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                  Start time:17:38:50
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --version
                                                                                                                                                                                                  Imagebase:0x840000
                                                                                                                                                                                                  File size:1'853'592 bytes
                                                                                                                                                                                                  MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                  Start time:17:38:50
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x9f4f48,0x9f4f58,0x9f4f64
                                                                                                                                                                                                  Imagebase:0x840000
                                                                                                                                                                                                  File size:1'853'592 bytes
                                                                                                                                                                                                  MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                  Start time:17:39:26
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=6968 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403301738211" --session-guid=a10f841a-b084-4b1c-a270-9471596263d2 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
                                                                                                                                                                                                  Imagebase:0x7ff6c86e0000
                                                                                                                                                                                                  File size:6'949'792 bytes
                                                                                                                                                                                                  MD5 hash:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                  Start time:17:39:26
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c4,0x2c8,0x2cc,0x29c,0x2d0,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
                                                                                                                                                                                                  Imagebase:0x7ff6c86e0000
                                                                                                                                                                                                  File size:6'949'792 bytes
                                                                                                                                                                                                  MD5 hash:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                  Start time:17:39:27
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                  Imagebase:0x7ff674740000
                                                                                                                                                                                                  File size:5'141'208 bytes
                                                                                                                                                                                                  MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                  Start time:17:39:29
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                  Start time:17:39:29
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                  Start time:17:39:29
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                  Start time:17:39:30
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                  Start time:17:39:30
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                  Start time:17:39:30
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                  Start time:17:39:30
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:26
Start time:17:39:30
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:27
Start time:17:39:30
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:17:39:30
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:29
Start time:17:39:30
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:31
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:33
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:34
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:35
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:36
Start time:17:39:31
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:37
Start time:17:39:32
Start date:30/03/2024
Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
Imagebase:0xe10000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                  Start time:17:39:32
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                                  Start time:17:39:32
                                                                                                                                                                                                  Start date:30/03/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\nZAKxSqmPHiPhLDTQLuRLezesjzXVhvCmWJdKwnqhWK\zRLeaVuwHZUsAJ.exe"
                                                                                                                                                                                                  Imagebase:0xe10000
                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false


                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:23.4%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:21.3%
                                                                                                                                                                                                    Total number of Nodes:1631
                                                                                                                                                                                                    Total number of Limit Nodes:47
3713->3700 3714->3713 3738 405b88 3715->3738 3718->3710 3719->3712 3720->3706 3722 4042f9 3721->3722 3723 4042fe SendMessageA 3721->3723 3722->3723 3723->3688 3725 403f97 GetWindowLongA 3724->3725 3735 404020 3724->3735 3726 403fa8 3725->3726 3725->3735 3727 403fb7 GetSysColor 3726->3727 3728 403fba 3726->3728 3727->3728 3729 403fc0 SetTextColor 3728->3729 3730 403fca SetBkMode 3728->3730 3729->3730 3731 403fe2 GetSysColor 3730->3731 3732 403fe8 3730->3732 3731->3732 3733 403ff9 3732->3733 3734 403fef SetBkColor 3732->3734 3733->3735 3736 404013 CreateBrushIndirect 3733->3736 3737 40400c DeleteObject 3733->3737 3734->3733 3735->3700 3736->3735 3737->3736 3750 405b95 3738->3750 3739 405daf 3740 403f23 SetDlgItemTextA 3739->3740 3773 405b66 lstrcpynA 3739->3773 3740->3693 3742 405c2d GetVersion 3752 405c3a 3742->3752 3743 405d86 lstrlenA 3743->3750 3746 405b88 10 API calls 3746->3743 3747 405ca5 GetSystemDirectoryA 3747->3752 3749 405cb8 GetWindowsDirectoryA 3749->3752 3750->3739 3750->3742 3750->3743 3750->3746 3762 405dc8 3750->3762 3771 405ac4 wsprintfA 3750->3771 3772 405b66 lstrcpynA 3750->3772 3752->3747 3752->3749 3752->3750 3753 405cec SHGetSpecialFolderLocation 3752->3753 3754 405b88 10 API calls 3752->3754 3755 405d2f lstrcatA 3752->3755 3757 405a4d RegOpenKeyExA 3752->3757 3753->3752 3756 405d04 SHGetPathFromIDListA CoTaskMemFree 3753->3756 3754->3752 3755->3750 3756->3752 3758 405a80 RegQueryValueExA 3757->3758 3759 405abe 3757->3759 3760 405aa1 RegCloseKey 3758->3760 3759->3752 3760->3759 3765 405dd4 3762->3765 3763 405e3c 3764 405e40 CharPrevA 3763->3764 3768 405e5b 3763->3768 3764->3763 3765->3763 3766 405e31 CharNextA 3765->3766 3769 405e1f CharNextA 3765->3769 3770 405e2c CharNextA 3765->3770 3774 405684 3765->3774 3766->3763 3766->3765 3768->3750 3769->3765 3770->3766 3771->3750 3772->3750 3773->3740 3775 40568a 3774->3775 3776 40569d 3775->3776 3777 405690 CharNextA 3775->3777 3776->3765 3777->3775 5107 401ae5 5108 4029f6 18 API calls 5107->5108 
5109 401aec 5108->5109 5110 4029d9 18 API calls 5109->5110 5111 401af5 wsprintfA 5110->5111 5112 40288b 5111->5112 5113 402866 SendMessageA 5114 402880 InvalidateRect 5113->5114 5115 40288b 5113->5115 5114->5115 5123 4019e6 5124 4029f6 18 API calls 5123->5124 5125 4019ef ExpandEnvironmentStringsA 5124->5125 5126 401a03 5125->5126 5128 401a16 5125->5128 5127 401a08 lstrcmpA 5126->5127 5126->5128 5127->5128 5129 402267 5130 4029f6 18 API calls 5129->5130 5131 402275 5130->5131 5132 4029f6 18 API calls 5131->5132 5133 40227e 5132->5133 5134 4029f6 18 API calls 5133->5134 5135 402288 GetPrivateProfileStringA 5134->5135 5143 401c6d 5144 4029d9 18 API calls 5143->5144 5145 401c73 IsWindow 5144->5145 5146 4019d6 5145->5146 5147 40366d 5148 403678 5147->5148 5149 40367f GlobalAlloc 5148->5149 5150 40367c 5148->5150 5149->5150 5158 4014f0 SetForegroundWindow 5159 40288b 5158->5159 5160 402172 5161 4029f6 18 API calls 5160->5161 5162 402178 5161->5162 5163 4029f6 18 API calls 5162->5163 5164 402181 5163->5164 5165 4029f6 18 API calls 5164->5165 5166 40218a 5165->5166 5167 405e61 2 API calls 5166->5167 5168 402193 5167->5168 5169 4021a4 lstrlenA lstrlenA 5168->5169 5170 402197 5168->5170 5171 404f04 25 API calls 5169->5171 5172 404f04 25 API calls 5170->5172 5174 40219f 5170->5174 5173 4021e0 SHFileOperationA 5171->5173 5172->5174 5173->5170 5173->5174 5175 4021f4 5176 4021fb 5175->5176 5178 40220e 5175->5178 5177 405b88 18 API calls 5176->5177 5179 402208 5177->5179 5180 405427 MessageBoxIndirectA 5179->5180 5180->5178 5181 4016fa 5182 4029f6 18 API calls 5181->5182 5183 401701 SearchPathA 5182->5183 5184 40171c 5183->5184 5185 4025fb 5186 402602 5185->5186 5187 40288b 5185->5187 5188 402608 FindClose 5186->5188 5188->5187 5189 40267c 5190 4029f6 18 API calls 5189->5190 5192 40268a 5190->5192 5191 4026a0 5194 40581e 2 API calls 5191->5194 5192->5191 5193 4029f6 18 API calls 5192->5193 5193->5191 5195 4026a6 5194->5195 5215 40583d GetFileAttributesA CreateFileA 5195->5215 
5197 4026b3 5198 40275c 5197->5198 5199 4026bf GlobalAlloc 5197->5199 5200 402764 DeleteFileA 5198->5200 5201 402777 5198->5201 5202 402753 CloseHandle 5199->5202 5203 4026d8 5199->5203 5200->5201 5202->5198 5216 4031f1 SetFilePointer 5203->5216 5205 4026de 5206 4031bf ReadFile 5205->5206 5207 4026e7 GlobalAlloc 5206->5207 5208 4026f7 5207->5208 5209 40272b WriteFile GlobalFree 5207->5209 5210 402f18 48 API calls 5208->5210 5211 402f18 48 API calls 5209->5211 5214 402704 5210->5214 5212 402750 5211->5212 5212->5202 5213 402722 GlobalFree 5213->5209 5214->5213 5215->5197 5216->5205 5217 40277d 5218 4029d9 18 API calls 5217->5218 5219 402783 5218->5219 5220 4027a7 5219->5220 5221 4027be 5219->5221 5226 40265c 5219->5226 5222 4027bb 5220->5222 5223 4027ac 5220->5223 5224 4027d4 5221->5224 5225 4027c8 5221->5225 5232 405ac4 wsprintfA 5222->5232 5231 405b66 lstrcpynA 5223->5231 5228 405b88 18 API calls 5224->5228 5227 4029d9 18 API calls 5225->5227 5227->5226 5228->5226 5231->5226 5232->5226 5240 4014fe 5241 401506 5240->5241 5243 401519 5240->5243 5242 4029d9 18 API calls 5241->5242 5242->5243 5244 401000 5245 401037 BeginPaint GetClientRect 5244->5245 5247 40100c DefWindowProcA 5244->5247 5248 4010f3 5245->5248 5249 401179 5247->5249 5250 401073 CreateBrushIndirect FillRect DeleteObject 5248->5250 5251 4010fc 5248->5251 5250->5248 5252 401102 CreateFontIndirectA 5251->5252 5253 401167 EndPaint 5251->5253 5252->5253 5254 401112 6 API calls 5252->5254 5253->5249 5254->5253 5255 402303 5256 402309 5255->5256 5257 4029f6 18 API calls 5256->5257 5258 40231b 5257->5258 5259 4029f6 18 API calls 5258->5259 5260 402325 RegCreateKeyExA 5259->5260 5261 40288b 5260->5261 5262 40234f 5260->5262 5263 402367 5262->5263 5264 4029f6 18 API calls 5262->5264 5265 402373 5263->5265 5266 4029d9 18 API calls 5263->5266 5268 402360 lstrlenA 5264->5268 5267 40238e RegSetValueExA 5265->5267 5269 402f18 48 API calls 5265->5269 5266->5265 5270 4023a4 RegCloseKey 5267->5270 5268->5263 5269->5267 
5270->5261 5272 402803 5273 4029d9 18 API calls 5272->5273 5274 402809 5273->5274 5275 40283a 5274->5275 5276 40265c 5274->5276 5278 402817 5274->5278 5275->5276 5277 405b88 18 API calls 5275->5277 5277->5276 5278->5276 5280 405ac4 wsprintfA 5278->5280 5280->5276 3948 402506 3957 4029d9 3948->3957 3950 402510 3951 402586 3950->3951 3952 402544 ReadFile 3950->3952 3953 402588 3950->3953 3954 402598 3950->3954 3952->3950 3952->3951 3960 405ac4 wsprintfA 3953->3960 3954->3951 3956 4025ae SetFilePointer 3954->3956 3956->3951 3958 405b88 18 API calls 3957->3958 3959 4029ed 3958->3959 3959->3950 3960->3951 5281 401b06 5282 401b13 5281->5282 5283 401b57 5281->5283 5286 4021fb 5282->5286 5291 401b2a 5282->5291 5284 401b80 GlobalAlloc 5283->5284 5285 401b5b 5283->5285 5287 405b88 18 API calls 5284->5287 5294 401b9b 5285->5294 5302 405b66 lstrcpynA 5285->5302 5288 405b88 18 API calls 5286->5288 5287->5294 5290 402208 5288->5290 5295 405427 MessageBoxIndirectA 5290->5295 5300 405b66 lstrcpynA 5291->5300 5292 401b6d GlobalFree 5292->5294 5295->5294 5296 401b39 5301 405b66 lstrcpynA 5296->5301 5298 401b48 5303 405b66 lstrcpynA 5298->5303 5300->5296 5301->5298 5302->5292 5303->5294 5304 401c8a 5305 4029d9 18 API calls 5304->5305 5306 401c91 5305->5306 5307 4029d9 18 API calls 5306->5307 5308 401c99 GetDlgItem 5307->5308 5309 4024b8 5308->5309 5310 40468b 5311 4046b7 5310->5311 5312 40469b 5310->5312 5314 4046ea 5311->5314 5315 4046bd SHGetPathFromIDListA 5311->5315 5321 40540b GetDlgItemTextA 5312->5321 5317 4046d4 SendMessageA 5315->5317 5318 4046cd 5315->5318 5316 4046a8 SendMessageA 5316->5311 5317->5314 5320 40140b 2 API calls 5318->5320 5320->5317 5321->5316 3975 40190d 3976 40190f 3975->3976 3977 4029f6 18 API calls 3976->3977 3978 401914 3977->3978 3981 40548b 3978->3981 4022 40573a 3981->4022 3984 4054a8 DeleteFileA 3986 40191d 3984->3986 3985 4054bf 3987 4055fe 3985->3987 4036 405b66 lstrcpynA 3985->4036 3987->3986 4071 405e61 FindFirstFileA 3987->4071 3989 4054e9 3990 
4054fa 3989->3990 3991 4054ed lstrcatA 3989->3991 4037 4056a0 lstrlenA 3990->4037 3993 405500 3991->3993 3996 40550e lstrcatA 3993->3996 3997 405519 lstrlenA FindFirstFileA 3993->3997 3996->3997 3998 4055f4 3997->3998 4002 40553d 3997->4002 3998->3987 4000 405684 CharNextA 4000->4002 4002->4000 4008 4055d3 FindNextFileA 4002->4008 4016 40548b 59 API calls 4002->4016 4019 404f04 25 API calls 4002->4019 4020 404f04 25 API calls 4002->4020 4041 405b66 lstrcpynA 4002->4041 4042 40581e GetFileAttributesA 4002->4042 4045 4058b4 4002->4045 4003 40581e 2 API calls 4004 405629 RemoveDirectoryA 4003->4004 4005 405634 4004->4005 4006 40564b 4004->4006 4005->3986 4010 40563a 4005->4010 4007 404f04 25 API calls 4006->4007 4007->3986 4008->4002 4011 4055eb FindClose 4008->4011 4012 404f04 25 API calls 4010->4012 4011->3998 4013 405642 4012->4013 4014 4058b4 38 API calls 4013->4014 4017 405649 4014->4017 4016->4002 4017->3986 4019->4008 4020->4002 4077 405b66 lstrcpynA 4022->4077 4024 40574b 4078 4056ed CharNextA CharNextA 4024->4078 4027 40549f 4027->3984 4027->3985 4028 405dc8 5 API calls 4031 405761 4028->4031 4029 40578c lstrlenA 4030 405797 4029->4030 4029->4031 4033 405659 3 API calls 4030->4033 4031->4027 4031->4029 4032 405e61 2 API calls 4031->4032 4035 4056a0 2 API calls 4031->4035 4032->4031 4034 40579c GetFileAttributesA 4033->4034 4034->4027 4035->4029 4036->3989 4038 4056ad 4037->4038 4039 4056b2 CharPrevA 4038->4039 4040 4056be 4038->4040 4039->4038 4039->4040 4040->3993 4041->4002 4043 4055a0 DeleteFileA 4042->4043 4044 40582d SetFileAttributesA 4042->4044 4043->4002 4044->4043 4084 405e88 GetModuleHandleA 4045->4084 4048 40591c GetShortPathNameA 4050 405931 4048->4050 4051 405a11 4048->4051 4050->4051 4053 405939 wsprintfA 4050->4053 4051->4002 4052 405900 CloseHandle GetShortPathNameA 4052->4051 4054 405914 4052->4054 4055 405b88 18 API calls 4053->4055 4054->4048 4054->4051 4056 405961 4055->4056 4089 40583d GetFileAttributesA CreateFileA 4056->4089 4058 40596e 
4058->4051 4059 40597d GetFileSize GlobalAlloc 4058->4059 4060 405a0a CloseHandle 4059->4060 4061 40599b ReadFile 4059->4061 4060->4051 4061->4060 4062 4059af 4061->4062 4062->4060 4090 4057b2 lstrlenA 4062->4090 4065 4059c4 4095 405b66 lstrcpynA 4065->4095 4066 405a1e 4068 4057b2 4 API calls 4066->4068 4069 4059d2 4068->4069 4070 4059e5 SetFilePointer WriteFile GlobalFree 4069->4070 4070->4060 4072 405619 4071->4072 4073 405e77 FindClose 4071->4073 4072->3986 4074 405659 lstrlenA CharPrevA 4072->4074 4073->4072 4075 405673 lstrcatA 4074->4075 4076 405623 4074->4076 4075->4076 4076->4003 4077->4024 4079 405707 4078->4079 4083 405713 4078->4083 4080 40570e CharNextA 4079->4080 4079->4083 4081 405730 4080->4081 4081->4027 4081->4028 4082 405684 CharNextA 4082->4083 4083->4081 4083->4082 4085 405ea4 LoadLibraryA 4084->4085 4086 405eaf GetProcAddress 4084->4086 4085->4086 4087 4058bf 4085->4087 4086->4087 4087->4048 4087->4051 4088 40583d GetFileAttributesA CreateFileA 4087->4088 4088->4052 4089->4058 4091 4057e8 lstrlenA 4090->4091 4092 4057f2 4091->4092 4093 4057c6 lstrcmpiA 4091->4093 4092->4065 4092->4066 4093->4092 4094 4057df CharNextA 4093->4094 4094->4091 4095->4069 5322 40430f 5323 404345 5322->5323 5324 40431f 5322->5324 5326 403f7f 8 API calls 5323->5326 5325 403f18 19 API calls 5324->5325 5327 40432c SetDlgItemTextA 5325->5327 5328 404351 5326->5328 5327->5323 5329 401490 5330 404f04 25 API calls 5329->5330 5331 401497 5330->5331 4426 6c541185 4427 6c541197 4426->4427 4428 6c5412f0 12 API calls 4426->4428 4429 6c5411a2 4427->4429 4430 6c5412dc 4427->4430 4438 6c541249 4428->4438 4432 6c5411a9 4429->4432 4435 6c541251 4429->4435 4450 6c541e66 GetDlgItem 4430->4450 4436 6c5411bd IsWindow 4432->4436 4432->4438 4437 6c5412a1 4435->4437 4435->4438 4441 6c541277 MessageBoxA 4435->4441 4436->4438 4439 6c5411ca 4436->4439 4437->4438 4440 6c5412c6 KillTimer KiUserCallbackDispatcher 4437->4440 4442 6c5411ea 4439->4442 4443 6c5411d3 GetTickCount 4439->4443 4440->4438 
4441->4437 4441->4438 4444 6c541206 4442->4444 4445 6c5411fb 4442->4445 4443->4442 4490 6c542bec GetTickCount 4444->4490 4468 6c54206c GetTickCount GetTickCount wsprintfA 4445->4468 4449 6c54120b 6 API calls 4449->4438 4451 6c541e8f GetDlgItem GetDlgItem 4450->4451 4452 6c541f59 4450->4452 4454 6c541ec8 SetWindowLongA 4451->4454 4455 6c541eba GetWindowLongA 4451->4455 4453 6c541f90 SendDlgItemMessageA 4452->4453 4456 6c541f66 ShowWindow 4452->4456 4457 6c541f6f 4452->4457 4458 6c541fb3 GetModuleHandleA LoadIconA SendDlgItemMessageA SetDlgItemTextA SetWindowTextA 4453->4458 4459 6c541ffe SetTimer 4453->4459 4454->4452 4460 6c541edd SendMessageA 4454->4460 4455->4454 4456->4457 4457->4453 4461 6c541f78 GetWindowLongA SetWindowLongA 4457->4461 4458->4459 4462 6c5412e4 4459->4462 4463 6c542017 6 API calls 4459->4463 4464 6c541ef6 SendDlgItemMessageA SendDlgItemMessageA 4460->4464 4465 6c541f0f 4460->4465 4461->4453 4510 6c5410ae GetParent 4462->4510 4463->4462 4464->4465 4466 6c541f18 GetParent GetDlgItem GetWindowTextA 4465->4466 4467 6c541f3b SetWindowTextA SetWindowPos 4465->4467 4466->4467 4467->4452 4469 6c5420e6 4468->4469 4470 6c542123 4468->4470 4469->4470 4473 6c5420f4 MulDiv lstrlenA wsprintfA 4469->4473 4471 6c54213d SetDlgItemTextA SetDlgItemTextA 4470->4471 4472 6c54212f SetWindowTextA 4470->4472 4475 6c542175 4471->4475 4476 6c5421e1 4471->4476 4472->4471 4473->4470 4519 6c5415e6 4475->4519 4479 6c5421eb SetDlgItemTextA wsprintfA SetDlgItemTextA 4476->4479 4478 6c542182 4478->4479 4482 6c542195 lstrcatA lstrlenA 4478->4482 4480 6c541203 4479->4480 4481 6c54224e 4479->4481 4480->4449 4481->4480 4483 6c5415e6 2 API calls 4481->4483 4484 6c5415e6 2 API calls 4482->4484 4485 6c542264 SetDlgItemTextA MulDiv SendDlgItemMessageA 4483->4485 4486 6c5421cf lstrcatA 4484->4486 4487 6c5422ae MulDiv wsprintfA 4485->4487 4488 6c5422ef 4485->4488 4486->4476 4489 6c5422f6 GetDlgItem SetWindowTextA 4487->4489 4488->4489 4489->4480 4491 6c542c16 GetTickCount 4490->4491 
4492 6c542c11 4490->4492 4491->4492 4493 6c542c42 MulDiv 4492->4493 4494 6c542c5d 4492->4494 4493->4494 4495 6c542cbd 4494->4495 4496 6c542ca9 MulDiv 4494->4496 4497 6c542cbf wsprintfA 4495->4497 4496->4497 4498 6c542d34 SetDlgItemTextA 4497->4498 4499 6c542d0b lstrlenA wsprintfA 4497->4499 4501 6c542da1 4498->4501 4502 6c542d6e 4498->4502 4499->4498 4504 6c542ddc wsprintfA GetDlgItem 4501->4504 4502->4501 4503 6c542d73 MulDiv GetDlgItem SendMessageA 4502->4503 4503->4501 4505 6c542dfe 4504->4505 4506 6c542e38 4504->4506 4505->4506 4507 6c542e02 IsWindow 4505->4507 4506->4449 4507->4506 4508 6c542e0d GetWindowTextA lstrcmpA 4507->4508 4508->4506 4509 6c542e30 SetWindowTextA 4508->4509 4509->4506 4511 6c541181 4510->4511 4512 6c5410c5 4510->4512 4511->4438 4512->4511 4513 6c5410ed GetClientRect 4512->4513 4514 6c5410e9 GetWindowRect 4512->4514 4515 6c5410f3 GetWindowRect 4513->4515 4514->4515 4516 6c541132 SystemParametersInfoA 4515->4516 4517 6c541163 4515->4517 4516->4517 4518 6c54116b SetWindowPos 4516->4518 4517->4518 4518->4511 4520 6c5415f1 lstrcpyA 4519->4520 4521 6c5415f8 4519->4521 4520->4478 4521->4520 4524 6c54160c wsprintfA 4521->4524 4524->4478 5332 402615 5333 402618 5332->5333 5336 402630 5332->5336 5334 402625 FindNextFileA 5333->5334 5335 40266f 5334->5335 5334->5336 5338 405b66 lstrcpynA 5335->5338 5338->5336 5346 401595 5347 4029f6 18 API calls 5346->5347 5348 40159c SetFileAttributesA 5347->5348 5349 4015ae 5348->5349 5350 401d95 5351 4029d9 18 API calls 5350->5351 5352 401d9b 5351->5352 5353 4029d9 18 API calls 5352->5353 5354 401da4 5353->5354 5355 401db6 EnableWindow 5354->5355 5356 401dab ShowWindow 5354->5356 5357 40288b 5355->5357 5356->5357 5358 401e95 5359 4029f6 18 API calls 5358->5359 5360 401e9c 5359->5360 5361 405e61 2 API calls 5360->5361 5362 401ea2 5361->5362 5364 401eb4 5362->5364 5365 405ac4 wsprintfA 5362->5365 5365->5364 5366 401696 5367 4029f6 18 API calls 5366->5367 5368 40169c GetFullPathNameA 5367->5368 5369 4016d4 
5368->5369 5370 4016b3 5368->5370 5371 4016e8 GetShortPathNameA 5369->5371 5372 40288b 5369->5372 5370->5369 5373 405e61 2 API calls 5370->5373 5371->5372 5374 4016c4 5373->5374 5374->5369 5376 405b66 lstrcpynA 5374->5376 5376->5369 4649 401e1b 4650 4029f6 18 API calls 4649->4650 4651 401e21 4650->4651 4652 404f04 25 API calls 4651->4652 4653 401e2b 4652->4653 4665 4053c6 CreateProcessA 4653->4665 4655 401e87 CloseHandle 4657 40265c 4655->4657 4656 401e50 WaitForSingleObject 4658 401e31 4656->4658 4659 401e5e GetExitCodeProcess 4656->4659 4658->4655 4658->4656 4658->4657 4662 405ec1 2 API calls 4658->4662 4660 401e70 4659->4660 4661 401e7b 4659->4661 4668 405ac4 wsprintfA 4660->4668 4661->4655 4664 401e79 4661->4664 4662->4656 4664->4655 4666 405401 4665->4666 4667 4053f5 CloseHandle 4665->4667 4666->4658 4667->4666 4668->4664 5377 401d1b GetDC GetDeviceCaps 5378 4029d9 18 API calls 5377->5378 5379 401d37 MulDiv 5378->5379 5380 4029d9 18 API calls 5379->5380 5381 401d4c 5380->5381 5382 405b88 18 API calls 5381->5382 5383 401d85 CreateFontIndirectA 5382->5383 5384 4024b8 5383->5384 5385 40249c 5386 4029f6 18 API calls 5385->5386 5387 4024a3 5386->5387 5390 40583d GetFileAttributesA CreateFileA 5387->5390 5389 4024af 5390->5389 5391 402020 5392 4029f6 18 API calls 5391->5392 5393 402027 5392->5393 5394 4029f6 18 API calls 5393->5394 5395 402031 5394->5395 5396 4029f6 18 API calls 5395->5396 5397 40203a 5396->5397 5398 4029f6 18 API calls 5397->5398 5399 402044 5398->5399 5400 4029f6 18 API calls 5399->5400 5402 40204e 5400->5402 5401 402062 CoCreateInstance 5406 402081 5401->5406 5407 402137 5401->5407 5402->5401 5403 4029f6 18 API calls 5402->5403 5403->5401 5404 401423 25 API calls 5405 402169 5404->5405 5406->5407 5408 402116 MultiByteToWideChar 5406->5408 5407->5404 5407->5405 5408->5407 3778 401721 3784 4029f6 3778->3784 3782 40172f 3783 40586c 2 API calls 3782->3783 3783->3782 3785 402a02 3784->3785 3786 405b88 18 API calls 3785->3786 3787 402a23 3786->3787 
3788 401728 3787->3788 3789 405dc8 5 API calls 3787->3789 3790 40586c 3788->3790 3789->3788 3791 405877 GetTickCount GetTempFileNameA 3790->3791 3792 4058a7 3791->3792 3793 4058a3 3791->3793 3792->3782 3793->3791 3793->3792 5409 401922 5410 4029f6 18 API calls 5409->5410 5411 401929 lstrlenA 5410->5411 5412 4024b8 5411->5412 5413 402223 5414 402231 5413->5414 5415 40222b 5413->5415 5417 402241 5414->5417 5418 4029f6 18 API calls 5414->5418 5416 4029f6 18 API calls 5415->5416 5416->5414 5420 4029f6 18 API calls 5417->5420 5422 40224f 5417->5422 5418->5417 5419 4029f6 18 API calls 5421 402258 WritePrivateProfileStringA 5419->5421 5420->5422 5422->5419 5430 401ca5 5431 4029d9 18 API calls 5430->5431 5432 401cb5 SetWindowLongA 5431->5432 5433 40288b 5432->5433 5434 401a26 5435 4029d9 18 API calls 5434->5435 5436 401a2c 5435->5436 5437 4029d9 18 API calls 5436->5437 5438 4019d6 5437->5438 3961 402427 3971 402b00 3961->3971 3963 402431 3964 4029d9 18 API calls 3963->3964 3965 40243a 3964->3965 3966 402451 RegEnumKeyA 3965->3966 3967 40245d RegEnumValueA 3965->3967 3968 40265c 3965->3968 3969 402476 RegCloseKey 3966->3969 3967->3968 3967->3969 3969->3968 3972 4029f6 18 API calls 3971->3972 3973 402b19 3972->3973 3974 402b27 RegOpenKeyExA 3973->3974 3974->3963 5439 4022a7 5440 4022d7 5439->5440 5441 4022ac 5439->5441 5442 4029f6 18 API calls 5440->5442 5443 402b00 19 API calls 5441->5443 5446 4022de 5442->5446 5444 4022b3 5443->5444 5445 4029f6 18 API calls 5444->5445 5449 4022f4 5444->5449 5447 4022c4 RegDeleteValueA RegCloseKey 5445->5447 5450 402a36 RegOpenKeyExA 5446->5450 5447->5449 5457 402a61 5450->5457 5458 402aad 5450->5458 5451 402a87 RegEnumKeyA 5452 402a99 RegCloseKey 5451->5452 5451->5457 5454 405e88 3 API calls 5452->5454 5453 402abe RegCloseKey 5453->5458 5456 402aa9 5454->5456 5455 402a36 3 API calls 5455->5457 5456->5458 5459 402ad9 RegDeleteKeyA 5456->5459 5457->5451 5457->5452 5457->5453 5457->5455 5458->5449 5459->5458 5460 6c543b3f lstrcpyA lstrcpyA 
5461 40402c lstrcpynA lstrlenA 4096 401bad 4097 4029d9 18 API calls 4096->4097 4098 401bb4 4097->4098 4099 4029d9 18 API calls 4098->4099 4100 401bbe 4099->4100 4101 401bce 4100->4101 4102 4029f6 18 API calls 4100->4102 4103 401bde 4101->4103 4104 4029f6 18 API calls 4101->4104 4102->4101 4105 401be9 4103->4105 4106 401c2d 4103->4106 4104->4103 4108 4029d9 18 API calls 4105->4108 4107 4029f6 18 API calls 4106->4107 4109 401c32 4107->4109 4110 401bee 4108->4110 4111 4029f6 18 API calls 4109->4111 4112 4029d9 18 API calls 4110->4112 4113 401c3b FindWindowExA 4111->4113 4114 401bf7 4112->4114 4117 401c59 4113->4117 4115 401c1d SendMessageA 4114->4115 4116 401bff SendMessageTimeoutA 4114->4116 4115->4117 4116->4117 5462 4023af 5463 402b00 19 API calls 5462->5463 5464 4023b9 5463->5464 5465 4029f6 18 API calls 5464->5465 5466 4023c2 5465->5466 5467 4023cc RegQueryValueExA 5466->5467 5470 40265c 5466->5470 5468 4023ec 5467->5468 5469 4023f2 RegCloseKey 5467->5469 5468->5469 5473 405ac4 wsprintfA 5468->5473 5469->5470 5473->5469 5474 406131 5475 405fb5 5474->5475 5476 406920 5475->5476 5477 406036 GlobalFree 5475->5477 5478 40603f GlobalAlloc 5475->5478 5479 4060b6 GlobalAlloc 5475->5479 5480 4060ad GlobalFree 5475->5480 5477->5478 5478->5475 5478->5476 5479->5475 5479->5476 5480->5479 5481 6c543b26 LocalAlloc 4525 4015b3 4526 4029f6 18 API calls 4525->4526 4527 4015ba 4526->4527 4528 4056ed 4 API calls 4527->4528 4540 4015c2 4528->4540 4529 40160a 4530 40162d 4529->4530 4531 40160f 4529->4531 4536 401423 25 API calls 4530->4536 4533 401423 25 API calls 4531->4533 4532 405684 CharNextA 4534 4015d0 CreateDirectoryA 4532->4534 4535 401616 4533->4535 4537 4015e5 GetLastError 4534->4537 4534->4540 4543 405b66 lstrcpynA 4535->4543 4542 402169 4536->4542 4539 4015f2 GetFileAttributesA 4537->4539 4537->4540 4539->4540 4540->4529 4540->4532 4541 401621 SetCurrentDirectoryA 4541->4542 4543->4541 4544 401734 4545 4029f6 18 API calls 4544->4545 4546 40173b 4545->4546 4547 401761 
4546->4547 4548 401759 4546->4548 4600 405b66 lstrcpynA 4547->4600 4599 405b66 lstrcpynA 4548->4599 4551 40175f 4555 405dc8 5 API calls 4551->4555 4552 40176c 4553 405659 3 API calls 4552->4553 4554 401772 lstrcatA 4553->4554 4554->4551 4577 40177e 4555->4577 4556 405e61 2 API calls 4556->4577 4557 40581e 2 API calls 4557->4577 4559 401795 CompareFileTime 4559->4577 4560 401859 4562 404f04 25 API calls 4560->4562 4561 401830 4563 404f04 25 API calls 4561->4563 4570 401845 4561->4570 4564 401863 4562->4564 4563->4570 4584 402f18 4564->4584 4567 40188a SetFileTime 4569 40189c CloseHandle 4567->4569 4568 405b88 18 API calls 4568->4577 4571 40220e 4569->4571 4572 4018ad 4569->4572 4571->4570 4574 4018b2 4572->4574 4575 4018c5 4572->4575 4573 405b66 lstrcpynA 4573->4577 4578 405b88 18 API calls 4574->4578 4576 405b88 18 API calls 4575->4576 4579 4018cd 4576->4579 4577->4556 4577->4557 4577->4559 4577->4560 4577->4561 4577->4568 4577->4573 4583 40583d GetFileAttributesA CreateFileA 4577->4583 4601 405427 4577->4601 4581 4018ba lstrcatA 4578->4581 4582 405427 MessageBoxIndirectA 4579->4582 4581->4579 4582->4571 4583->4577 4585 402f45 4584->4585 4586 402f29 SetFilePointer 4584->4586 4605 403043 GetTickCount 4585->4605 4586->4585 4589 402f56 ReadFile 4590 401876 4589->4590 4591 402f76 4589->4591 4590->4567 4590->4569 4591->4590 4592 403043 43 API calls 4591->4592 4593 402f8d 4592->4593 4593->4590 4594 403008 ReadFile 4593->4594 4596 402f9d 4593->4596 4594->4590 4596->4590 4597 402fb8 ReadFile 4596->4597 4598 402fd1 WriteFile 4596->4598 4597->4590 4597->4596 4598->4590 4598->4596 4599->4551 4600->4552 4602 40543c 4601->4602 4603 405488 4602->4603 4604 405450 MessageBoxIndirectA 4602->4604 4603->4577 4604->4603 4606 403072 4605->4606 4607 4031ad 4605->4607 4618 4031f1 SetFilePointer 4606->4618 4608 402bd3 33 API calls 4607->4608 4614 402f4e 4608->4614 4610 40307d SetFilePointer 4616 4030a2 4610->4616 4614->4589 4614->4590 4615 403137 WriteFile 4615->4614 4615->4616 4616->4614 
4616->4615 4617 40318e SetFilePointer 4616->4617 4619 4031bf ReadFile 4616->4619 4621 402bd3 4616->4621 4635 405f82 4616->4635 4617->4607 4618->4610 4620 4031e0 4619->4620 4620->4616 4622 402be1 4621->4622 4623 402bf9 4621->4623 4624 402bea DestroyWindow 4622->4624 4634 402bf1 4622->4634 4625 402c01 4623->4625 4626 402c09 GetTickCount 4623->4626 4624->4634 4645 405ec1 4625->4645 4628 402c17 4626->4628 4626->4634 4629 402c4c CreateDialogParamA ShowWindow 4628->4629 4630 402c1f 4628->4630 4629->4634 4630->4634 4642 402bb7 4630->4642 4632 402c2d wsprintfA 4633 404f04 25 API calls 4632->4633 4633->4634 4634->4616 4636 405fa7 4635->4636 4637 405faf 4635->4637 4636->4616 4637->4636 4638 406036 GlobalFree 4637->4638 4639 40603f GlobalAlloc 4637->4639 4640 4060b6 GlobalAlloc 4637->4640 4641 4060ad GlobalFree 4637->4641 4638->4639 4639->4636 4639->4637 4640->4636 4640->4637 4641->4640 4643 402bc6 4642->4643 4644 402bc8 MulDiv 4642->4644 4643->4644 4644->4632 4646 405ede PeekMessageA 4645->4646 4647 405ed4 DispatchMessageA 4646->4647 4648 405eee 4646->4648 4647->4646 4648->4634 5482 401634 5483 4029f6 18 API calls 5482->5483 5484 40163a 5483->5484 5485 405e61 2 API calls 5484->5485 5486 401640 5485->5486 5487 401934 5488 4029d9 18 API calls 5487->5488 5489 40193b 5488->5489 5490 4029d9 18 API calls 5489->5490 5491 401945 5490->5491 5492 4029f6 18 API calls 5491->5492 5493 40194e 5492->5493 5494 401961 lstrlenA 5493->5494 5495 40199c 5493->5495 5496 40196b 5494->5496 5496->5495 5500 405b66 lstrcpynA 5496->5500 5498 401985 5498->5495 5499 401992 lstrlenA 5498->5499 5499->5495 5500->5498 5501 4019b5 5502 4029f6 18 API calls 5501->5502 5503 4019bc 5502->5503 5504 4029f6 18 API calls 5503->5504 5505 4019c5 5504->5505 5506 4019cc lstrcmpiA 5505->5506 5507 4019de lstrcmpA 5505->5507 5508 4019d2 5506->5508 5507->5508 5509 4014b7 5510 4014bd 5509->5510 5511 401389 2 API calls 5510->5511 5512 4014c5 5511->5512 5520 402b3b 5521 402b4a SetTimer 5520->5521 5523 402b63 5520->5523 
5521->5523 5522 402bb1 5523->5522 5524 402bb7 MulDiv 5523->5524 5525 402b71 wsprintfA SetWindowTextA SetDlgItemTextA 5524->5525 5525->5522 4669 40323c #17 SetErrorMode OleInitialize 4670 405e88 3 API calls 4669->4670 4671 40327f SHGetFileInfoA 4670->4671 4739 405b66 lstrcpynA 4671->4739 4673 4032aa GetCommandLineA 4740 405b66 lstrcpynA 4673->4740 4675 4032bc GetModuleHandleA 4676 4032d3 4675->4676 4677 405684 CharNextA 4676->4677 4678 4032e7 CharNextA 4677->4678 4684 4032f4 4678->4684 4679 40335d 4680 403370 GetTempPathA 4679->4680 4741 403208 4680->4741 4682 403386 4685 4033aa DeleteFileA 4682->4685 4686 40338a GetWindowsDirectoryA lstrcatA 4682->4686 4683 405684 CharNextA 4683->4684 4684->4679 4684->4683 4690 40335f 4684->4690 4749 402c72 GetTickCount GetModuleFileNameA 4685->4749 4688 403208 11 API calls 4686->4688 4689 4033a6 4688->4689 4689->4685 4692 403424 4689->4692 4833 405b66 lstrcpynA 4690->4833 4691 4033bb 4691->4692 4694 403414 4691->4694 4697 405684 CharNextA 4691->4697 4836 4035bd 4692->4836 4779 4036af 4694->4779 4699 4033d2 4697->4699 4708 403453 lstrcatA lstrcmpiA 4699->4708 4709 4033ef 4699->4709 4700 403522 4702 4035a5 ExitProcess 4700->4702 4704 405e88 3 API calls 4700->4704 4701 40343d 4703 405427 MessageBoxIndirectA 4701->4703 4706 40344b ExitProcess 4703->4706 4707 403531 4704->4707 4710 405e88 3 API calls 4707->4710 4708->4692 4712 40346f CreateDirectoryA SetCurrentDirectoryA 4708->4712 4711 40573a 18 API calls 4709->4711 4713 40353a 4710->4713 4714 4033fa 4711->4714 4715 403491 4712->4715 4716 403486 4712->4716 4719 405e88 3 API calls 4713->4719 4714->4692 4834 405b66 lstrcpynA 4714->4834 4846 405b66 lstrcpynA 4715->4846 4845 405b66 lstrcpynA 4716->4845 4721 403543 4719->4721 4723 403591 ExitWindowsEx 4721->4723 4729 403551 GetCurrentProcess 4721->4729 4722 403409 4835 405b66 lstrcpynA 4722->4835 4723->4702 4726 40359e 4723->4726 4725 405b88 18 API calls 4727 4034c1 DeleteFileA 4725->4727 4728 40140b 2 API calls 4726->4728 4730 4034ce 
CopyFileA 4727->4730 4736 40349f 4727->4736 4728->4702 4731 403561 4729->4731 4730->4736 4731->4723 4732 403516 4733 4058b4 38 API calls 4732->4733 4733->4692 4734 4058b4 38 API calls 4734->4736 4735 405b88 18 API calls 4735->4736 4736->4725 4736->4732 4736->4734 4736->4735 4737 4053c6 2 API calls 4736->4737 4738 403502 CloseHandle 4736->4738 4737->4736 4738->4736 4739->4673 4740->4675 4742 405dc8 5 API calls 4741->4742 4743 403214 4742->4743 4744 40321e 4743->4744 4745 405659 3 API calls 4743->4745 4744->4682 4746 403226 CreateDirectoryA 4745->4746 4747 40586c 2 API calls 4746->4747 4748 40323a 4747->4748 4748->4682 4847 40583d GetFileAttributesA CreateFileA 4749->4847 4751 402cb5 4778 402cc2 4751->4778 4848 405b66 lstrcpynA 4751->4848 4753 402cd8 4754 4056a0 2 API calls 4753->4754 4755 402cde 4754->4755 4849 405b66 lstrcpynA 4755->4849 4757 402ce9 GetFileSize 4758 402dea 4757->4758 4776 402d00 4757->4776 4759 402bd3 33 API calls 4758->4759 4760 402df1 4759->4760 4762 402e2d GlobalAlloc 4760->4762 4760->4778 4850 4031f1 SetFilePointer 4760->4850 4761 4031bf ReadFile 4761->4776 4766 402e44 4762->4766 4763 402e85 4764 402bd3 33 API calls 4763->4764 4764->4778 4768 40586c 2 API calls 4766->4768 4767 402e0e 4769 4031bf ReadFile 4767->4769 4771 402e55 CreateFileA 4768->4771 4772 402e19 4769->4772 4770 402bd3 33 API calls 4770->4776 4773 402e8f 4771->4773 4771->4778 4772->4762 4772->4778 4851 4031f1 SetFilePointer 4773->4851 4775 402e9d 4777 402f18 48 API calls 4775->4777 4776->4758 4776->4761 4776->4763 4776->4770 4776->4778 4777->4778 4778->4691 4780 405e88 3 API calls 4779->4780 4781 4036c3 4780->4781 4782 4036c9 4781->4782 4783 4036db 4781->4783 4861 405ac4 wsprintfA 4782->4861 4784 405a4d 3 API calls 4783->4784 4785 4036fc 4784->4785 4786 40371a lstrcatA 4785->4786 4789 405a4d 3 API calls 4785->4789 4788 4036d9 4786->4788 4852 403978 4788->4852 4789->4786 4792 40573a 18 API calls 4793 40374c 4792->4793 4794 4037d5 4793->4794 4797 405a4d 3 API calls 4793->4797 4795 

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040), ref: 6C541661
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040), ref: 6C54166D
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040), ref: 6C54167B
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040), ref: 6C541687
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040), ref: 6C541696
                                                                                                                                                                                                    • InternetOpenA.WININET(InnoDownloadPlugin/1.5,00000000,00000000), ref: 6C5416F1
                                                                                                                                                                                                    • InternetQueryOptionA.WININET(00000000,00000032,00000000,?), ref: 6C54171A
                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,00000032,?,00000008), ref: 6C541743
                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,00000002,6C545AC4,00000004), ref: 6C541758
                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,00000006,6C545AC8,00000004), ref: 6C541770
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(wininet.dll), ref: 6C541777
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FtpCommandA), ref: 6C54178B
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(/end), ref: 6C5417A6
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(/end,C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe), ref: 6C5417D1
                                                                                                                                                                                                    • PostMessageA.USER32(?,00000113,00000001,00000000), ref: 6C541816
                                                                                                                                                                                                    • CreateFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe,40000000,00000001,00000000,-00000002,00000000,00000000), ref: 6C541852
                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 6C541894
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: HttpOpenRequestA.WININET(?,HEAD,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C54275F
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: wsprintfA.USER32 ref: 6C542789
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C5427A1
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: wsprintfA.USER32 ref: 6C5427BD
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C5427D5
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C5427DE
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: InternetReadFile.WININET(00000000,00000000,00000100,?), ref: 6C542804
                                                                                                                                                                                                      • Part of subcall function 6C5426FB: InternetErrorDlg.WININET(00000000,00002EEE,00000007,00000000), ref: 6C54283C
                                                                                                                                                                                                    • InternetCrackUrlA.WININET(00000000,00000000,0000003C), ref: 6C5418AD
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C5418D4
                                                                                                                                                                                                    • lstrlenA.KERNEL32(6C547C30,6C547C30,6C545B30), ref: 6C5418E9
                                                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,?), ref: 6C541903
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C541909
                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C54193B
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,00000003,00000000,00000000), ref: 6C541975
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?), ref: 6C541985
                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000), ref: 6C54199A
                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 6C5419E7
                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,00000016,6C547C30,00000000,00000000), ref: 6C541A19
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,6C547C30,00000800,00000004,00000000), ref: 6C541A7A
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 6C541A94
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,000003ED,00000402,00000000,00000000), ref: 6C541AAD
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 6C541AD0
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000), ref: 6C541AD7
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 6C541AFA
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000), ref: 6C541B01
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 6C541B13
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 6C541B1E
                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 6C541B2B
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,000003ED,0000040A,00000000,00000032), ref: 6C541B4D
                                                                                                                                                                                                    • HttpEndRequestA.WININET(00000000,00000000,00000000,00000000), ref: 6C541B75
                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 6C541B86
                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 6C541B90
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,6C547C30,00000000), ref: 6C541BC7
                                                                                                                                                                                                    • lstrcpynA.KERNEL32(-6C544FFC,00000000,00000020), ref: 6C541C08
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6C541C10
                                                                                                                                                                                                    • SleepEx.KERNEL32(000007D0,00000000), ref: 6C541C6C
                                                                                                                                                                                                    • SleepEx.KERNEL32(00000BB8,00000000), ref: 6C541C82
                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 6C541CC6
                                                                                                                                                                                                    • GetParent.USER32(?), ref: 6C541CEC
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000), ref: 6C541CF3
                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 6C541D15
                                                                                                                                                                                                    • SleepEx.KERNEL32(000003E8,00000000), ref: 6C541D21
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C541D46
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe), ref: 6C541D81
                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 6C541D8B
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(/end), ref: 6C541D9C
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 6C541DC6
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C541DC9
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 6C541DCE
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 6C541DD3
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 6C541DD8
                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 6C541DDD
                                                                                                                                                                                                    • PostMessageA.USER32(?,00000111,FFEE0001,00000000), ref: 6C541DF9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Internet$Local$Window$FileHttp$AllocCloseFreeHandleItemMessageRequest$Option$LongSendSleeplstrcmpilstrlenwsprintf$ErrorHeadersInfoLastOpenPostQueryShowText$AddressConnectCountCrackCreateDeleteLibraryLoadParentPointerProcReadResponseSizeTickWritelstrcatlstrcpyn
                                                                                                                                                                                                    • String ID: %s:%s$(XTl$/end$0|Tl$530$<$C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe$FtpCommandA$Inetc plug-in$InnoDownloadPlugin/1.5$Not Available$PATl$PATl$Unknown$Your internet connection seems to be not permitted or dropped out!Please reconnect and click Retry to resume installation.$wininet.dll
                                                                                                                                                                                                    • API String ID: 208045817-3920404030
                                                                                                                                                                                                    • Opcode ID: acbb794c23231bd3fddf07913ba422aeb3da7c720dd2001c6428d48529740b75
                                                                                                                                                                                                    • Instruction ID: af61771608440cd23dd345d28e92d851bad58fd49fb24bb3a77770c78f671ed8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: acbb794c23231bd3fddf07913ba422aeb3da7c720dd2001c6428d48529740b75
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4522A071A45304EFEF11AFA5CC88BAE3BB9FB0630AF52C529E515EA590D7308850DB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • #17.COMCTL32 ref: 0040325B
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00008001), ref: 00403266
                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                                                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                    • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                                                                                                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,Real Files,NSIS Error), ref: 00405B73
                                                                                                                                                                                                    • GetCommandLineA.KERNEL32(Real Files,NSIS Error), ref: 004032AA
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",00000000), ref: 004032BD
                                                                                                                                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",00000020), ref: 004032E8
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(1033), ref: 004033AF
                                                                                                                                                                                                    • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",00000000,00000000), ref: 00403459
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp), ref: 00403465
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                                                                                                                    • CopyFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,0041F058,00000001), ref: 004034D6
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                    • String ID: /D=$ _?=$"$"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp$C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$Real Files$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                    • API String ID: 2278157092-2740782563
                                                                                                                                                                                                    • Opcode ID: 53a535f831dc2d0f2957bea1663804e085942d9cd57d3f2808feef199e919f3e
                                                                                                                                                                                                    • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53a535f831dc2d0f2957bea1663804e085942d9cd57d3f2808feef199e919f3e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 004050A1
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 004050B0
                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004050ED
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 004050F5
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004051B2
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 004050BF
                                                                                                                                                                                                      • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405204
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00004FD6,00000000), ref: 00405212
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                                                                                                                    • ShowWindow.USER32(00080024,00000008), ref: 00405242
                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                                                                                                                    • SendMessageA.USER32(00080024,00001004,00000000,00000000), ref: 004052BB
                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004052E1
                                                                                                                                                                                                    • GetWindowRect.USER32(00080024,?), ref: 004052F4
                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 00405369
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040537C
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 004053B3
                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 004053B9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                    • String ID: {
                                                                                                                                                                                                    • API String ID: 590372296-366298937
                                                                                                                                                                                                    • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                                                                                                                    • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 004054A9
                                                                                                                                                                                                    • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 004054F3
                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 00405514
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 0040551A
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 0040552B
                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                                                                                                                    • \*.*, xrefs: 004054ED
                                                                                                                                                                                                    • "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe", xrefs: 00405495
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                                                    • API String ID: 2035342205-268660099
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,6C545C30,00002000,00000000,00000000,?,?,?,6C541B5C,00000000,00000000), ref: 6C5414AE
                                                                                                                                                                                                    • InternetWriteFile.WININET(6C541B5C,6C545C30,00000000,00000000), ref: 6C5414D4
                                                                                                                                                                                                    • InternetReadFile.WININET(6C541B5C,6C545C30,00002000,00000000), ref: 6C541512
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,6C545C30,00000000,00000000,00000000,?,?,?,6C541B5C,00000000,00000000), ref: 6C541581
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
• Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$InternetReadWrite
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1380539803-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 310444273-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,75922EE0,0040549F,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 00405E6C
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                    • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                                                                                                    • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 6C5430E0
                                                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000), ref: 6C54310E
                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 6C543116
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(059CE440,/silent), ref: 6C543167
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(/weaksecurity), ref: 6C543183
                                                                                                                                                                                                    • lstrcpyA.KERNEL32(InnoDownloadPlugin/1.5,NSIS_Inetc (Mozilla),059CE440,00000000), ref: 6C543631
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C543658
                                                                                                                                                                                                    • lstrlenA.KERNEL32(059CE440,059CE440,6C545BB0), ref: 6C54366D
                                                                                                                                                                                                    • FindWindowExA.USER32(?,00000000,#32770,00000000), ref: 6C54368D
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,000003EE,6C545828), ref: 6C5436C0
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C5436C9
                                                                                                                                                                                                    • #17.COMCTL32(059CE440,00000000), ref: 6C5436ED
                                                                                                                                                                                                    • GetWindowLongA.USER32(00020506,000000F0), ref: 6C54373B
                                                                                                                                                                                                    • SetWindowLongA.USER32(000000F0,00000000), ref: 6C54374F
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C543755
                                                                                                                                                                                                      • Part of subcall function 6C543B93: lstrcpyA.KERNEL32(00000000,759183C4,759183C0), ref: 6C543BB4
                                                                                                                                                                                                      • Part of subcall function 6C543B93: GlobalFree.KERNEL32(759183C0), ref: 6C543BC5
                                                                                                                                                                                                    • CreateDialogParamA.USER32(?,00020506,6C541185,00000000), ref: 6C54379B
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,6C541644,00000000,00000000,?), ref: 6C5437BD
                                                                                                                                                                                                    • GetDlgItem.USER32(00000403), ref: 6C5437DE
                                                                                                                                                                                                    • GetDlgItem.USER32(000003F8), ref: 6C5437ED
                                                                                                                                                                                                    • ShowWindow.USER32(00000001), ref: 6C543810
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 6C543837
                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 6C543843
                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 6C54384E
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 6C54385A
                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 6C54386B
                                                                                                                                                                                                    • IsDialogMessageA.USER32(?), ref: 6C54387F
                                                                                                                                                                                                    • IsDialogMessageA.USER32(?,?), ref: 6C543890
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 6C54389E
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 6C5438AC
                                                                                                                                                                                                    • IsWindow.USER32 ref: 6C5438B8
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 6C5438C8
                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000001), ref: 6C5438DA
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C5438EB
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00020506,000003EE,6C544150), ref: 6C543916
                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 6C543933
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 6C543946
                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 6C54395E
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6C543970
                                                                                                                                                                                                    • lstrlenA.KERNEL32(-6C544FFC, (Err=%d),00000000), ref: 6C54398A
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C5439A2
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(/end), ref: 6C5439CB
                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 6C5439D7
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C5439E7
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C5439FC
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C543A0C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C543A1C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C543A2C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C543A3C
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 6C543AA4
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001), ref: 6C543AB2
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 6C543ACE
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C543ADB
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6C543AEF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Local$Free$ItemLongMessage$DialogShowlstrcmpilstrcpylstrlen$AllocByteCharCloseCreateHandleMultiTextThreadWidewsprintf$CallbackCountDestroyDispatchDispatcherEnableErrorFindGlobalLastObjectParamSingleTerminateTickTranslateUserVisibleWait
                                                                                                                                                                                                    • String ID: (%d %s%s remaining)$ (Err=%d)$#32770$%dkB (%d%%) of %dkB @ %d.%01dkB/s$%s:%s$(XTl$/banner$/canceltext$/caption$/connecttimeout$/end$/file$/header$/nocancel$/nocookies$/noproxy$/password$/popup$/proxy$/question$/receivetimeout$/resume$/silent$/tostack$/tostackconv$/translate$/useragent$/username$/weaksecurity$Are you sure that you want to stop download?$C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe$Connecting$Connecting$Connecting ...$Downloading$Downloading %s$Filename: %s$Inetc plug-in$InnoDownloadPlugin/1.5$NSIS_Inetc (Mozilla)$Your internet connection seems to be not permitted or dropped out!Please reconnect and click Retry to resume installation.$file$hour$minute$second${m<
                                                                                                                                                                                                    • API String ID: 3575079251-4044027841
                                                                                                                                                                                                    • Opcode ID: 2bfd194a9f4238fc20909eea73ec300e687aef542b1ce5d60752cb67644af27a
                                                                                                                                                                                                    • Instruction ID: d8ea4ec6f76d26b54efb949ad7d3c571162ee9dfae3276895c7da30ca8071924
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2bfd194a9f4238fc20909eea73ec300e687aef542b1ce5d60752cb67644af27a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04426B70785342EFEF01FF66CC49B5A3BB9EB0674EF92C525E51597A60D73088188B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 6C541E74
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 6C541E95
                                                                                                                                                                                                    • GetDlgItem.USER32(000003EC), ref: 6C541EA9
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 6C541EBD
                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,56000000), ref: 6C541ECE
                                                                                                                                                                                                    • SendMessageA.USER32(00000031,00000000,00000000), ref: 6C541EE9
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,000003E9,00000030,00000000,00000000), ref: 6C541F01
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000002,00000030,?,00000000), ref: 6C541F0D
                                                                                                                                                                                                    • GetParent.USER32(00000002), ref: 6C541F27
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000), ref: 6C541F2E
                                                                                                                                                                                                    • GetWindowTextA.USER32(00000000), ref: 6C541F35
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,6C5457E8), ref: 6C541F41
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?,?,6C5412E4,?), ref: 6C541F53
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,6C5412E4,?), ref: 6C541F69
                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 6C541F7B
                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 6C541F8A
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,000003ED,00000401,00000000,01900000), ref: 6C541FA2
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000067,00000000,?,?,?,?,?,?,6C5412E4,?), ref: 6C541FB9
                                                                                                                                                                                                    • LoadIconA.USER32(00000000), ref: 6C541FC0
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,000003F1,00000170,00000000), ref: 6C541FD2
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F0), ref: 6C541FE0
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,6C545828), ref: 6C541FF8
                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 6C542008
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F1,6C545AF0), ref: 6C542022
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F2,Downloading %s), ref: 6C54202F
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F3,Connecting ...), ref: 6C54203C
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F4,%dkB (%d%%) of %dkB @ %d.%01dkB/s), ref: 6C542049
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F5,second), ref: 6C542056
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003F6, (%d %s%s remaining)), ref: 6C542063
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Item$Text$Window$MessageSend$Long$HandleIconLoadModuleParentShowTimer
                                                                                                                                                                                                    • String ID: (%d %s%s remaining)$%dkB (%d%%) of %dkB @ %d.%01dkB/s$(XTl$Connecting ...$Downloading %s$Inetc plug-in$second
                                                                                                                                                                                                    • API String ID: 3891978239-3076578654
                                                                                                                                                                                                    • Opcode ID: d37137adcdaf7c7b15dbd4555d0345e12433cc3403d7422b31ae9712236a0170
                                                                                                                                                                                                    • Instruction ID: a693ef38d7659c6462a0d089d06e37dd112fa34392ac59f5d52dd20c4d7a2f22
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d37137adcdaf7c7b15dbd4555d0345e12433cc3403d7422b31ae9712236a0170
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C51A3317C5655BBFB127B608C4AF6F3A7DEB4274AFA2C110F209A84C0CBA456558B6C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    [Figure: control-flow graph starting at block 6c5426fb-6c54273b; legend: Executed / Not Executed]
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,HEAD,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C54275F
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542789
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C5427A1
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C5427BD
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C5427D5
                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C5427DE
                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,00000000,00000100,?), ref: 6C542804
                                                                                                                                                                                                    • InternetErrorDlg.WININET(00000000,00002EEE,00000007,00000000), ref: 6C54283C
                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,0000001C,00000000,?,00000000), ref: 6C5428A1
                                                                                                                                                                                                    • lstrcpynA.KERNEL32(6C545B30,00000000,00000100), ref: 6C5428C9
                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,0000003D,00000000,00000100,00000000), ref: 6C5428E9
                                                                                                                                                                                                    • lstrcpynA.KERNEL32(6C545BB0,00000000,00000100), ref: 6C54290B
                                                                                                                                                                                                      • Part of subcall function 6C542E3F: HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 6C542E7E
                                                                                                                                                                                                      • Part of subcall function 6C542E3F: lstrcmpA.KERNEL32(?,6C544154,00000000,?,?,00000000), ref: 6C542EA5
                                                                                                                                                                                                      • Part of subcall function 6C542E3F: lstrcmpA.KERNEL32(?,401,?,?,00000000), ref: 6C542EC7
                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 6C542913
                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,PUT,00000000,00000000,00000000,00000000,80000000,00000000), ref: 6C5429C0
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C5429EA
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C542A03
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,A0000000), ref: 6C542A1E
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,6C5459A8,000000FF,A0000000), ref: 6C542A32
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,00000000,000000FF,A0000000), ref: 6C542A42
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542A5E
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C542A72
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542A8F
                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 6C542AA3
                                                                                                                                                                                                    • InternetQueryOptionA.WININET(00000000,0000001F,?,?), ref: 6C542AC8
                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 6C542AE9
                                                                                                                                                                                                    • InternetErrorDlg.WININET(00000000,00002EEE,00000007,00000000), ref: 6C542B37
                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,00000005,00000000,?,00000000), ref: 6C542B81
                                                                                                                                                                                                    • InternetSetFilePointer.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C542BAB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Http$Request$Headers$Internet$Querywsprintf$Info$ErrorFileOpenOptionlstrcmplstrcpyn$CloseHandlePointerReadSend
                                                                                                                                                                                                    • String ID: Authorization: basic %s$Content-Type: application/x-www-form-urlencoded$Content-Type: octet-streamContent-Length: %d$HEAD$POST$PUT$Proxy-authorization: basic %s
                                                                                                                                                                                                    • API String ID: 1700790159-387942550
                                                                                                                                                                                                    • Opcode ID: ba5fad8f2fef4f758f46e9a7e5c713d40c88d6827ec59f742e9f3ca0be916774
                                                                                                                                                                                                    • Instruction ID: 8f35198d184ea78dffd4e111c5e06d50aa2fbca022cf4f8a9055ea68277c56c5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba5fad8f2fef4f758f46e9a7e5c713d40c88d6827ec59f742e9f3ca0be916774
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CD1C770649228FEEB11EF21CC8CBEA37BCEB0631DF51C565E544E6980D7708A849B69
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    [Figure: control-flow graph starting at block 403a45-403a57; legend: Executed / Not Executed]
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00403AB2
                                                                                                                                                                                                    • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403ACE
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00403AEF
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00403BB8
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00403BC2
                                                                                                                                                                                                    • SetClassLongA.USER32(?,000000F2,?), ref: 00403BDC
                                                                                                                                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00403CD3
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D06
                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D21
                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 00403D3E
                                                                                                                                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                                                                                                                    • lstrlenA.KERNEL32(004204A0,?,004204A0,Real Files), ref: 00403D92
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                    • String ID: Real Files
                                                                                                                                                                                                    • API String ID: 1252290697-515039530
                                                                                                                                                                                                    • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                                                                                                                    • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                    • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                                                                                                                    • lstrlenA.KERNEL32(get,?,?,?,get,00000000,00429400,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"), ref: 00403795
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,.exe), ref: 004037A8
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(get), ref: 004037B3
                                                                                                                                                                                                    • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,00429400), ref: 004037FC
                                                                                                                                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                                                                                    • RegisterClassA.USER32 ref: 00403843
                                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403894
                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit20A,00423640), ref: 004038F6
                                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit,00423640), ref: 00403903
                                                                                                                                                                                                    • RegisterClassA.USER32(00423640), ref: 0040390C
                                                                                                                                                                                                    • DialogBoxParamA.USER32(?,00000000,00403A45,00000000), ref: 0040392B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"$.DEFAULT\Control Panel\International$.exe$1033$@6B$A.B$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$get
                                                                                                                                                                                                    • API String ID: 914957316-3058381113
                                                                                                                                                                                                    • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                                                                                                                    • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 6C5411C0
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C5411D3
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 6C54121F
                                                                                                                                                                                                    • RedrawWindow.USER32(00000000), ref: 6C541228
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 6C541233
                                                                                                                                                                                                    • RedrawWindow.USER32(00000000), ref: 6C541236
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 6C541244
                                                                                                                                                                                                    • RedrawWindow.USER32(00000000), ref: 6C541247
                                                                                                                                                                                                    • MessageBoxA.USER32(?,00000000,6C545828,00000034), ref: 6C541292
                                                                                                                                                                                                    • KillTimer.USER32(?,00000001), ref: 6C5412CB
                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?), ref: 6C5412D4
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 6C541305
                                                                                                                                                                                                    • RedrawWindow.USER32(00000000), ref: 6C54130E
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 6C541319
                                                                                                                                                                                                    • RedrawWindow.USER32(00000000), ref: 6C54131C
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 6C54132A
                                                                                                                                                                                                    • RedrawWindow.USER32(00000000), ref: 6C54132D
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 6C541335
                                                                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 6C54133E
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 6C541343
                                                                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 6C541346
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 6C54134E
                                                                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 6C541351
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$Redraw$Update$CallbackCountDispatcherKillMessageTickTimerUser
                                                                                                                                                                                                    • String ID: (XTl$Inetc plug-in
                                                                                                                                                                                                    • API String ID: 1206770974-3718244278
                                                                                                                                                                                                    • Opcode ID: c3d5bccedfecba4bab4b6df8c29418bdcd6fd310a3d7fbfcf9ba6db4631eac69
                                                                                                                                                                                                    • Instruction ID: d2a1ee2d7e9c2fdd5c53aa708f4b2ab10d866a4efb4bd6a5832a16ae9fa52dd9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3d5bccedfecba4bab4b6df8c29418bdcd6fd310a3d7fbfcf9ba6db4631eac69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3341A171744208BAEF216F62CC89F5B3E3EEB4178AF55C415F608EA9D0C6B0D960CB94
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040EB
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,000003E8), ref: 004040FF
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 0040412E
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 004041D6
                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404204
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 00404253
                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                                                                                                                    • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 0040427C
                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                                                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                                                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                    • String ID: @.B$N$open$z}
                                                                                                                                                                                                    • API String ID: 3615053054-1307815123
                                                                                                                                                                                                    • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                                                                                                    • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,00000400), ref: 00402CA2
                                                                                                                                                                                                      • Part of subcall function 0040583D: GetFileAttributesA.KERNEL32(00000003,00402CB5,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,80000000,00000003), ref: 00405841
                                                                                                                                                                                                      • Part of subcall function 0040583D: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,80000000,00000003), ref: 00402CEB
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00409130), ref: 00402E32
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Inst, xrefs: 00402D59
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                                                                                                                    • soft, xrefs: 00402D62
                                                                                                                                                                                                    • "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe", xrefs: 00402C7F
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                                                                                                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                                                                                                                    • Error launching installer, xrefs: 00402CC2
                                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                                                                                                                    • Null, xrefs: 00402D6B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp$C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                    • API String ID: 2803837635-3230866788
                                                                                                                                                                                                    • Opcode ID: 0cdd48fbc5a4d5c8723b79192c8575744a8c62d839b7521bcc62a74243bb106d
                                                                                                                                                                                                    • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cdd48fbc5a4d5c8723b79192c8575744a8c62d839b7521bcc62a74243bb106d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,get,00429800,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,00429800,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,Real Files,NSIS Error), ref: 00405B73
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00402C4A,00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll), ref: 00404F72
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nswE17E.tmp$C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll$get
                                                                                                                                                                                                    • API String ID: 1941528284-67655862
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (first node: 404f04-404f19)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                    • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00402C4A,00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                    • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll), ref: 00404F72
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                    • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll
                                                                                                                                                                                                    • API String ID: 2531174081-741194241
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (first node: 402f18-402f27)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,0000B5E4), ref: 00402F3F
                                                                                                                                                                                                    • ReadFile.KERNEL32(00409130,00000004,0000B5E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                                                                                                                    • ReadFile.KERNEL32(00413040,00004000,0000B5E4,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,0000B5E4), ref: 00402FC6
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00413040,0000B5E4,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,0000B5E4), ref: 00402FDE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Read$PointerWrite
                                                                                                                                                                                                    • String ID: @0A
                                                                                                                                                                                                    • API String ID: 2113905535-1363546919
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (first node: 402bd3-402bdf)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402C37
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00402C4A,00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll), ref: 00404F72
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                                                                                                                      • Part of subcall function 00402BB7: MulDiv.KERNEL32(00000000,00000064,00004CD9), ref: 00402BCC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                    • String ID: ... %d%%
                                                                                                                                                                                                    • API String ID: 722711167-2449383134
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403058
                                                                                                                                                                                                      • Part of subcall function 004031F1: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E9D,0000B5E4), ref: 004031FF
                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                                                                                                                    • WriteFile.KERNEL32(0040B040,0040FD19,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00AD89A1,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Pointer$CountTickWrite
                                                                                                                                                                                                    • String ID: @0A
                                                                                                                                                                                                    • API String ID: 2146148272-1363546919
                                                                                                                                                                                                    • Opcode ID: c3ab3b2a6ebb8e6cedc02463b91186366695901546e3771a82caeddcf6bda455
                                                                                                                                                                                                    • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3ab3b2a6ebb8e6cedc02463b91186366695901546e3771a82caeddcf6bda455
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00402C4A,00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll), ref: 00404F72
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                    • String ID: ?B
                                                                                                                                                                                                    • API String ID: 2987980305-117478770
                                                                                                                                                                                                    • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                                                                                                    • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 00405899
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                    • API String ID: 1716503409-2089296500
                                                                                                                                                                                                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                                    • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                    • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                                                                                                    • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                                                                                                                    • Error launching installer, xrefs: 004053D9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                                                                                                    • API String ID: 3712363035-7751565
                                                                                                                                                                                                    • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                                                                                                    • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,75922EE0,0040549F,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",75922EE0), ref: 004056FB
                                                                                                                                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,00429800,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3751793516-0
                                                                                                                                                                                                    • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                                                                                                    • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                    • String ID: ,}
                                                                                                                                                                                                    • API String ID: 3850602802-1426855258
                                                                                                                                                                                                    • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                                                                                                    • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • HttpSendRequestExA.WININET(?,?,00000000,00000008,00000000), ref: 6C541E43
                                                                                                                                                                                                    • HttpSendRequestA.WININET(?,00000000,00000000), ref: 6C541E5C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HttpRequestSend
                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                    • API String ID: 360639707-3887548279
                                                                                                                                                                                                    • Opcode ID: a331d3c1aabd4725d01cfe6ce8894a3cc14e3c7a20ca98295325a0bcbe5e7443
                                                                                                                                                                                                    • Instruction ID: 874fc99244711767c95845a0ed93156bbd43399c55f9adf7b06e1ed1f6979de2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a331d3c1aabd4725d01cfe6ce8894a3cc14e3c7a20ca98295325a0bcbe5e7443
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1F06776A40208BFEF05AF95CC44DEA7FB9E78A705F84C029F90066540D73298649B68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                    • API String ID: 4115351271-2030658151
                                                                                                                                                                                                    • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                                                                                                    • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00402C4A,00402C4A,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll), ref: 00404F72
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                                                                                                      • Part of subcall function 004053C6: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                                                                                                      • Part of subcall function 004053C6: CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E65
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3521207402-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00402B00: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402455
                                                                                                                                                                                                    • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402468
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE17E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 167947723-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000001,?,?,?,00000002), ref: 00402552
                                                                                                                                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileReadwsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3326442220-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000003,00402CB5,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,80000000,00000003), ref: 00405841
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,00405629,?,?,?), ref: 00405822
                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                    • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                                                                                    • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Open
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                                                    • Opcode ID: b5dfad00fa1cd151fd60990f5b06a3c2bada7c6ed29f77274f64d0dacc55a64b
                                                                                                                                                                                                    • Instruction ID: c0cb2249de0b0b7c7cf81be38287cf815beb59390f5746c35b3b1e544e0707b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5dfad00fa1cd151fd60990f5b06a3c2bada7c6ed29f77274f64d0dacc55a64b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFE08676640108BFDB50DFA4ED4BFD637ECB704340F008421B608D7091C678F5409B68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ReadFile.KERNEL32(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                    • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                                    • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,?,00000000), ref: 00403F32
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemText
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3367045223-0
                                                                                                                                                                                                    • Opcode ID: 3e813572aabfc24dd457d3397d8ae2cb884b5dfcfb659632984281e934c33c5c
                                                                                                                                                                                                    • Instruction ID: 32956ba5a052c000d200729fffd4f2c944d874cb1110b62223aa4bdd109d9e57
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e813572aabfc24dd457d3397d8ae2cb884b5dfcfb659632984281e934c33c5c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4C08C31048200BFD241AB04CC42F1FB3A8EFA0327F00C92EB05CE00D2C634D420CE2A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageA.USER32(00020506,00000000,00000000,00000000), ref: 00403F76
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                    • Opcode ID: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                                                                                                                                                                                    • Instruction ID: 4934297729c285da13a483c37f1bad53b44c21571947472378d90217470b6476
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CC04C71B442017AEA209F619D45F177B68A754701F5444657204A51D0C674E510D61D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                    • Opcode ID: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                                                                                                                                                                                    • Instruction ID: 0662716cb4741bc9db58cdf5bc89cb1196afa115b106f7c4ea820954fb206898
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17B09276685201BADA215B10DE09F457E62E764702F018064B204240B0C6B200A5DB09
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E9D,0000B5E4), ref: 004031FF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                    • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                                                                    • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00403D17), ref: 00403F44
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                                    • Opcode ID: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                                                                                                                                                                                    • Instruction ID: 218003202f2b1835e3bff4e9bf146b8b4f872d9b8cc4e3003fd48478f7f9154f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09A002755051049BCA519B54DE048057A62A754701741C479B24551575C7315461EB6E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 0040486A
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404877
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000002), ref: 004048C3
                                                                                                                                                                                                    • LoadBitmapA.USER32(0000006E), ref: 004048D6
                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,00404E54), ref: 004048F0
                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404950
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 00404A8A
                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A98
                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404C95
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404E36
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                    • String ID: $M$N$z}
                                                                                                                                                                                                    • API String ID: 1638840714-2821890837
                                                                                                                                                                                                    • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                                                                                                                    • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 004043A2
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                                                                                                                    • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(get,004204A0), ref: 004044C1
                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,get), ref: 004044CD
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044DD
                                                                                                                                                                                                      • Part of subcall function 0040540B: GetDlgItemTextA.USER32(?,?,00000400,00404510), ref: 0040541E
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                                                                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,00000400,0041F458), ref: 0040462A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                                                                                                    • String ID: A$get$z}
                                                                                                                                                                                                    • API String ID: 2246997448-3348355775
                                                                                                                                                                                                    • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                                                                                                                    • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00404F3C,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000), ref: 00405C30
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(get,00000400), ref: 00405CAB
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(get,00000400), ref: 00405CBE
                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                                                                                                                    • SHGetPathFromIDListA.SHELL32(00000000,get), ref: 00405D08
                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                                                                                                                    • lstrcatA.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                                                                                                                    • lstrlenA.KERNEL32(get,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,00404F3C,Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000), ref: 00405D87
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                    • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$get$z}
                                                                                                                                                                                                    • API String ID: 900638850-977167704
                                                                                                                                                                                                    • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                                                                                                                    • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 123533781-0
                                                                                                                                                                                                    • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                                                                                                    • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                                                                                    • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                                                                                                    • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C54207E
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C542092
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C5420D8
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000064,00000000), ref: 6C5420FD
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?, %d%%,00000000), ref: 6C542110
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C54211E
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 6C542137
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003E9,059CE440), ref: 6C54215D
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003EA,C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe), ref: 6C54216A
                                                                                                                                                                                                    • lstrcatA.KERNEL32(?, ( ), ref: 6C5421A7
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 6C5421B0
                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,/sec ),00000000), ref: 6C5421DD
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003EB,00000000), ref: 6C5421F8
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542229
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003EF,?), ref: 6C54223F
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003EE,?), ref: 6C542273
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000190,00000000), ref: 6C542288
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,000003ED,00000402,00000000), ref: 6C54229A
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,?,00000000), ref: 6C5422B8
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C5422E4
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 6C542303
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000), ref: 6C54230A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemText$wsprintf$CountTickWindowlstrcatlstrlen$MessageSend
                                                                                                                                                                                                    • String ID: ( $ %d%%$%d:%02d:%02d$%s - %s$(XTl$/sec )$<$C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe$Inetc plug-in${m<
                                                                                                                                                                                                    • API String ID: 2899058848-3601793248
                                                                                                                                                                                                    • Opcode ID: 6465f3f6e204c751cd1405af999794b963e9907d36b1baea38f2e5c504e9f27e
                                                                                                                                                                                                    • Instruction ID: ee95912e9dcbbd2d84570420a41abaa75e0e34c7b3c31b0205c44cf45a261aec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6465f3f6e204c751cd1405af999794b963e9907d36b1baea38f2e5c504e9f27e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7471A171A00114ABEF15EFA5CC89FAE73BDFB45309F91C155F608E7580DB30AA988B64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C542BFB
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 6C542C16
                                                                                                                                                                                                    • MulDiv.KERNEL32(-6C545AD0,00000000,00000000), ref: 6C542C45
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000064,00000000,00000000), ref: 6C542CAD
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542D02
                                                                                                                                                                                                    • lstrlenA.KERNEL32(6C548430, (%d %s%s remaining),00000000,?,6C544150), ref: 6C542D26
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542D2F
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(000003E9,Connecting ...), ref: 6C542D59
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000190,00000000,00000000), ref: 6C542D81
                                                                                                                                                                                                    • GetDlgItem.USER32(000003ED,00000402), ref: 6C542D98
                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 6C542D9B
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542DE1
                                                                                                                                                                                                    • GetDlgItem.USER32(000003EE), ref: 6C542DF1
                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 6C542E03
                                                                                                                                                                                                    • GetWindowTextA.USER32(00000000,6C548830,00000400), ref: 6C542E19
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(6C548830,6C548430), ref: 6C542E26
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,6C548430), ref: 6C542E32
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemTextWindowwsprintf$CountTick$MessageSendlstrcmplstrlen
                                                                                                                                                                                                    • String ID: (%d %s%s remaining)$%dkB (%d%%) of %dkB @ %d.%01dkB/s$C:\Users\user\AppData\Local\Temp\nswE17E.tmp\set_2.exe$Connecting ...$Downloading %s$PATl$`UTl$hour$minute$second$UTl
                                                                                                                                                                                                    • API String ID: 3991246718-1229044860
                                                                                                                                                                                                    • Opcode ID: 4a3635bd0fc7ad206bbfd28d06c92cad288cca4003b1154cfd64dae7d4a893b5
                                                                                                                                                                                                    • Instruction ID: 20f68628e15fa73434ac56b935fd032d8fecc877de3e0452a55460c847e2ba69
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a3635bd0fc7ad206bbfd28d06c92cad288cca4003b1154cfd64dae7d4a893b5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0515072741220AFDB14AF658C8DF5A37B9EB4632EF96C224F918EB9C0D7309C118759
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,00000000,?), ref: 6C54235C
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542392
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,?,00000100), ref: 6C5423EF
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C542450
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,?,00000100), ref: 6C5424B6
                                                                                                                                                                                                    • FtpOpenFileA.WININET(?,?,80000000,80000002,00000000), ref: 6C542514
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6C542525
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,00000000,00000100), ref: 6C54254A
                                                                                                                                                                                                    • FtpCreateDirectoryA.WININET(?,?), ref: 6C5425AC
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,00000000,00000100), ref: 6C5425C8
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 6C5425CB
                                                                                                                                                                                                    • FtpOpenFileA.WININET(?,?,40000000,80000002,00000000), ref: 6C542606
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,00000000,00000100), ref: 6C542637
                                                                                                                                                                                                    • lstrcpynA.KERNEL32(-6C544FFC,00000000,00000020), ref: 6C542696
                                                                                                                                                                                                    • InternetGetLastResponseInfoA.WININET(?,?,00000100), ref: 6C5426E1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Last$InfoInternetResponse$FileOpenwsprintf$CreateDirectoryErrorlstrcpynlstrlen
                                                                                                                                                                                                    • String ID: 110$213 $350$550$553$REST %d$SIZE %s
                                                                                                                                                                                                    • API String ID: 4277106199-1096291875
                                                                                                                                                                                                    • Opcode ID: c673abc371848a9b54c0879596edab0329bdaa41dd454b70f07ca365b7390a63
                                                                                                                                                                                                    • Instruction ID: bd50f3c4ea3a4705736f9fc57807ea5c210922c172913fd4740c86ca7b1d7944
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c673abc371848a9b54c0879596edab0329bdaa41dd454b70f07ca365b7390a63
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB116B1D00218EAEB15DBA1CC49FDB77BCEB09308F118456E514E7581EB74DA44CB64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 6C542E7E
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,6C544154,00000000,?,?,00000000), ref: 6C542EA5
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,401,?,?,00000000), ref: 6C542EC7
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,403,?,?,00000000), ref: 6C542EE8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrcmp$HttpInfoQuery
                                                                                                                                                                                                    • String ID: (%s)$304$401$403$404$405$407$Redirection$Request Error$Server Error
                                                                                                                                                                                                    • API String ID: 386791786-4290795174
                                                                                                                                                                                                    • Opcode ID: 26a8bef85c46195a2e163b639471c4b1486791c34be2958bd2a081d3a1df129d
                                                                                                                                                                                                    • Instruction ID: eee2f2e9df42cf6ad3216974f037e799c27544aa9b07850689cad97265151d01
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26a8bef85c46195a2e163b639471c4b1486791c34be2958bd2a081d3a1df129d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 634193B094621CEBDF20DF55CD88FC67BBC9B1530DF808591A648D7900E3B0CA89AF64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                    • DrawTextA.USER32(00000000,Real Files,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                    • String ID: F$Real Files
                                                                                                                                                                                                    • API String ID: 941294808-1878434166
                                                                                                                                                                                                    • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                                                                                                    • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(?,00422630,00000400), ref: 0040590A
                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(00000000,004220A8,00000400), ref: 00405927
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00405945
                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00405A04
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                                                                                                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                                                                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                                    • String ID: %s=%s$0&B$[Rename]
                                                                                                                                                                                                    • API String ID: 3772915668-951905037
                                                                                                                                                                                                    • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                                                                                                                    • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                                                                                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                                                                                    • CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                    • API String ID: 589700163-544370977
                                                                                                                                                                                                    • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                                                                                                    • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 00403F9C
                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403FB8
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403FC4
                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403FD0
                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403FE3
                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403FF3
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040400D
                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00404017
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                                    • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000B600,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00402725
                                                                                                                                                                                                    • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040273E
                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 004047F6
                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404810
                                                                                                                                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402B8A
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BAC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrcpyA.KERNEL32(d"Tl,6C544154,?,6C542264,00000000,?), ref: 6C541604
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 6C541639
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrcpywsprintf
                                                                                                                                                                                                    • String ID: %u MB$%u bytes$%u kB$???$d"Tl
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetParent.USER32(?), ref: 6C5410B7
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 6C5410E9
                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 6C5410ED
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 6C5410FA
                                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 6C54113C
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000001), ref: 6C541178
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: RectWindow$ClientInfoParametersParentSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1395677574-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrcpyA.KERNEL32(Downloading %s,Uploading %s), ref: 6C543B53
                                                                                                                                                                                                    • lstrcpyA.KERNEL32(Downloading,Uploading), ref: 6C543B63
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3254939774.000000006C541000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C540000, based on PE: true
• Associated: 00000003.00000002.3254884453.000000006C540000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.3255017366.000000006C544000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.3255091430.000000006C545000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.3255174173.000000006C549000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c540000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrcpy
                                                                                                                                                                                                    • String ID: Downloading$Downloading %s$Uploading$Uploading %s
                                                                                                                                                                                                    • API String ID: 3722407311-2813864553
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,Real Files), ref: 00403A10
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\$Real Files$z}
                                                                                                                                                                                                    • API String ID: 530164218-1105899197
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE17E.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nswE17E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE17E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nswE17E.tmp
                                                                                                                                                                                                    • API String ID: 1356686001-2139449784
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                                                                                                    • API String ID: 3272661963-76309092
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A57
                                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 00401CC5
                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00401CD2
                                                                                                                                                                                                    • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00404787
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,004204A0), ref: 0040479A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                    • API String ID: 2659869361-823278215
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                                                                                                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                                                                                                    • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1404258612-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                                                                                                                    • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404EF8
                                                                                                                                                                                                      • Part of subcall function 00403F64: SendMessageA.USER32(00020506,00000000,00000000,00000000), ref: 00403F76
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                    • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                                                                                                    • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll, xrefs: 004024CA, 004024EF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWritelstrlen
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nswE17E.tmp\inetc.dll
                                                                                                                                                                                                    • API String ID: 427699356-214552489
                                                                                                                                                                                                    • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                                                                                                    • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe",00000000,75922EE0,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040363B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe", xrefs: 0040362C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe"
                                                                                                                                                                                                    • API String ID: 1100898210-4090255334
                                                                                                                                                                                                    • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                                                                                                    • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,00402CDE,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,80000000,00000003), ref: 004056A6
                                                                                                                                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,00402CDE,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp\setup.exe,80000000,00000003), ref: 004056B4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp, xrefs: 004056A0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\is-R6SMS.tmp
                                                                                                                                                                                                    • API String ID: 2709904686-2244684809
                                                                                                                                                                                                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                    • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004057D2
                                                                                                                                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.3232527221.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.3231937854.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233147250.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000422000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3233642760.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.3235230325.0000000000436000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_setup.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                                    • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:18.7%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:4.7%
                                                                                                                                                                                                    Total number of Nodes:1777
                                                                                                                                                                                                    Total number of Limit Nodes:20
8333 402bbb ExpandEnvironmentStringsW 8332->8333 8334 40119e 2 API calls 8332->8334 8335 402bd4 ??3@YAXPAX 8333->8335 8336 402bdf 8333->8336 8334->8333 8337 402c16 8335->8337 8377 4027d6 8336->8377 8343 403ee8 8337->8343 8340 402bfa 8381 4013d5 8340->8381 8342 402c0e ??3@YAXPAX 8342->8337 8344 401484 2 API calls 8343->8344 8345 403ef6 8344->8345 8346 4013d5 2 API calls 8345->8346 8347 403f01 8346->8347 8385 4027ee 8347->8385 8349 403f0e 8350 40279d 2 API calls 8349->8350 8351 403f1b 8350->8351 8389 403e6d 8351->8389 8354 4013d5 2 API calls 8355 403f3f 8354->8355 8356 4027ee 2 API calls 8355->8356 8357 403f4c 8356->8357 8358 40279d 2 API calls 8357->8358 8359 403f59 8358->8359 8360 403e6d 3 API calls 8359->8360 8361 403f69 ??3@YAXPAX 8360->8361 8362 40279d 2 API calls 8361->8362 8363 403f80 8362->8363 8364 403e6d 3 API calls 8363->8364 8365 403f8f ??3@YAXPAX ??3@YAXPAX 8364->8365 8365->8327 8367 402b9d 6 API calls 8366->8367 8368 4041fb 8367->8368 8406 403fa3 8368->8406 8370 404208 8429 40405e 8370->8429 8372 404213 8452 404119 8372->8452 8374 404219 8375 402b9d 6 API calls 8374->8375 8376 40421f 8375->8376 8376->8307 8378 4027e2 8377->8378 8379 4027e8 ExpandEnvironmentStringsW 8377->8379 8380 40119e 2 API calls 8378->8380 8379->8340 8380->8379 8382 4013e1 8381->8382 8383 4013f3 8381->8383 8384 40119e 2 API calls 8382->8384 8383->8342 8384->8383 8386 4027fb 8385->8386 8394 40140b 8386->8394 8388 402806 8388->8349 8390 403e7f ??3@YAXPAX 8389->8390 8392 403e83 8389->8392 8390->8354 8392->8390 8398 402a04 8392->8398 8402 40332f 8392->8402 8395 40144f 8394->8395 8396 40141f 8394->8396 8395->8388 8397 40119e ??2@YAPAXI ??3@YAXPAX 8396->8397 8397->8395 8399 402a1a 8398->8399 8400 402a2e 8399->8400 8401 4025d1 memmove 8399->8401 8400->8392 8401->8400 8403 40333e 8402->8403 8404 402abc ??2@YAPAXI ??3@YAXPAX memmove 8403->8404 8405 403357 8403->8405 8404->8405 8405->8392 8407 401484 2 API calls 8406->8407 8408 403fb1 8407->8408 8409 4013d5 2 API calls 8408->8409 8410 403fbc 
8409->8410 8411 4027ee 2 API calls 8410->8411 8412 403fc9 8411->8412 8413 40279d 2 API calls 8412->8413 8414 403fd6 8413->8414 8415 403e6d 3 API calls 8414->8415 8416 403fe6 ??3@YAXPAX 8415->8416 8417 4013d5 2 API calls 8416->8417 8418 403ffa 8417->8418 8419 4027ee 2 API calls 8418->8419 8420 404007 8419->8420 8421 40279d 2 API calls 8420->8421 8422 404014 8421->8422 8423 403e6d 3 API calls 8422->8423 8424 404024 ??3@YAXPAX 8423->8424 8425 40279d 2 API calls 8424->8425 8426 40403b 8425->8426 8427 403e6d 3 API calls 8426->8427 8428 40404a ??3@YAXPAX ??3@YAXPAX 8427->8428 8428->8370 8430 401484 2 API calls 8429->8430 8431 40406c 8430->8431 8432 4013d5 2 API calls 8431->8432 8433 404077 8432->8433 8434 4027ee 2 API calls 8433->8434 8435 404084 8434->8435 8436 40279d 2 API calls 8435->8436 8437 404091 8436->8437 8438 403e6d 3 API calls 8437->8438 8439 4040a1 ??3@YAXPAX 8438->8439 8440 4013d5 2 API calls 8439->8440 8441 4040b5 8440->8441 8442 4027ee 2 API calls 8441->8442 8443 4040c2 8442->8443 8444 40279d 2 API calls 8443->8444 8445 4040cf 8444->8445 8446 403e6d 3 API calls 8445->8446 8447 4040df ??3@YAXPAX 8446->8447 8448 40279d 2 API calls 8447->8448 8449 4040f6 8448->8449 8450 403e6d 3 API calls 8449->8450 8451 404105 ??3@YAXPAX ??3@YAXPAX 8450->8451 8451->8372 8453 40279d 2 API calls 8452->8453 8454 40412c 8453->8454 8455 403e6d 3 API calls 8454->8455 8456 40413d ??3@YAXPAX 8455->8456 8456->8374 8458 401d26 VirtualFree 8457->8458 8459 40d070 8458->8459 8459->8222 8463 40ced6 8460->8463 8464 40cee4 8463->8464 8465 40cee8 8463->8465 8464->8224 8469 40cf7d 8465->8469 8467 40cf0d _CxxThrowException 8467->8464 8470 40cfa2 8469->8470 8471 40cf08 8470->8471 8473 40d02a 8470->8473 8471->8464 8471->8467 8476 40cfdf EnterCriticalSection 8473->8476 8475 40d04e 8475->8471 8482 40c5fe 8476->8482 8478 40d006 LeaveCriticalSection 8478->8475 8483 40c607 8482->8483 8484 40c60e 8482->8484 8483->8478 8488 40c5ca 8483->8488 8492 40beb6 SetFilePointer 8484->8492 8489 40c5e2 8488->8489 
8490 40c58e GetLastError 8489->8490 8491 40c5f9 8490->8491 8491->8478 8493 40bedf GetLastError 8492->8493 8494 40bee9 8492->8494 8493->8494 8495 40c58e 8494->8495 8496 40c595 8495->8496 8497 40c598 GetLastError 8495->8497 8496->8483 8498 40c5a2 8497->8498 8498->8483 8500 40d10d 8499->8500 8501 40d132 8500->8501 8502 40d11e memmove 8500->8502 8503 40d14d 8501->8503 8508 40c030 SetFileTime 8501->8508 8509 40127e 8501->8509 8515 40be4b 8501->8515 8518 40efb4 8501->8518 8502->8501 8503->8235 8508->8503 8510 401292 8509->8510 8513 401286 8509->8513 8511 4012af 8510->8511 8524 40c04d 8510->8524 8511->8513 8514 4012bc SetFileAttributesW 8511->8514 8513->8503 8514->8513 8516 40be55 FindCloseChangeNotification 8515->8516 8517 40be60 8515->8517 8516->8517 8517->8503 8521 40efc0 8518->8521 8519 40f06d 8519->8503 8521->8519 8522 40ef75 112 API calls 8521->8522 8528 412878 8521->8528 8532 40ee54 8521->8532 8522->8521 8527 40c030 SetFileTime 8524->8527 8526 40c05a 8526->8511 8527->8526 8529 412889 8528->8529 8530 412899 8528->8530 8537 40c662 8529->8537 8530->8521 8533 40ee6e 8532->8533 8545 401841 8533->8545 8608 40bfe5 8533->8608 8534 40eea2 8534->8521 8542 40c05d 8537->8542 8539 40c67b 8540 40c58e GetLastError 8539->8540 8541 40c69a 8540->8541 8541->8530 8543 40c06b 8542->8543 8544 40c06e WriteFile 8542->8544 8543->8544 8544->8539 8546 40185d 8545->8546 8552 401853 8545->8552 8611 40f78d _EH_prolog 8546->8611 8548 40188a 8655 40c125 8548->8655 8549 401484 2 API calls 8551 4018a3 8549->8551 8553 401b7d ??3@YAXPAX 8551->8553 8554 4018b8 8551->8554 8552->8534 8558 40c125 VariantClear 8553->8558 8637 40139c 8554->8637 8557 4018c3 8641 40157d 8557->8641 8558->8552 8561 4013d5 2 API calls 8562 4018e2 ??3@YAXPAX 8561->8562 8563 401b43 ??3@YAXPAX 8562->8563 8568 4018f4 8562->8568 8565 40c125 VariantClear 8563->8565 8565->8552 8566 401915 8567 40c125 VariantClear 8566->8567 8569 40191d ??3@YAXPAX 8567->8569 8568->8566 8570 40197f 8568->8570 8571 401940 8568->8571 8569->8548 8573 
4019a4 8570->8573 8574 4019bd 8570->8574 8572 40c125 VariantClear 8571->8572 8575 401952 ??3@YAXPAX 8572->8575 8576 40c125 VariantClear 8573->8576 8577 4019c5 8574->8577 8578 4019df GetLocalTime SystemTimeToFileTime 8574->8578 8575->8548 8579 4019ac ??3@YAXPAX 8576->8579 8577->8571 8580 401a13 8577->8580 8581 4019fc 8577->8581 8578->8577 8579->8548 8646 4033b3 GetFileAttributesW 8580->8646 8659 40371d lstrlenW 8581->8659 8585 401b4f GetLastError 8585->8563 8586 401a33 ??2@YAPAXI 8588 401a3f 8586->8588 8587 401b45 8587->8585 8683 40c019 8588->8683 8591 401b2a 8595 40c125 VariantClear 8591->8595 8592 401a7a GetLastError 8686 40136a 8592->8686 8594 401a8c 8596 40371d 88 API calls 8594->8596 8600 401a9a ??3@YAXPAX 8594->8600 8595->8563 8598 401ae7 8596->8598 8598->8600 8601 40c019 2 API calls 8598->8601 8599 401ab7 8602 40c125 VariantClear 8599->8602 8600->8599 8603 401b0c 8601->8603 8604 401ac5 ??3@YAXPAX 8602->8604 8605 401b10 GetLastError 8603->8605 8606 401b21 ??3@YAXPAX 8603->8606 8604->8548 8605->8600 8606->8591 8802 40bf1c 8608->8802 8612 40f896 8611->8612 8613 40f7c8 8611->8613 8614 40f7e5 8612->8614 8615 40f89b 8612->8615 8613->8614 8616 40f862 8613->8616 8617 40f7d7 8613->8617 8629 40f80b 8614->8629 8715 40f50e 8614->8715 8618 40f850 8615->8618 8621 40f8a5 8615->8621 8627 40f7f7 8615->8627 8616->8629 8689 412859 8616->8689 8617->8618 8619 40f7dc 8617->8619 8711 40c1b0 8618->8711 8628 40f7e2 8619->8628 8632 40f810 8619->8632 8621->8618 8621->8632 8626 40f878 8692 40c169 8626->8692 8627->8629 8703 40c1d5 8627->8703 8628->8614 8628->8627 8698 40c12a 8629->8698 8630 40c125 VariantClear 8635 401886 8630->8635 8632->8629 8707 40c1f5 8632->8707 8635->8548 8635->8549 8638 4013b3 8637->8638 8639 40119e 2 API calls 8638->8639 8640 4013be 8639->8640 8640->8557 8642 40136a 2 API calls 8641->8642 8643 40158b 8642->8643 8730 401455 8643->8730 8645 401596 8645->8561 8647 4033d0 8646->8647 8648 401a1f 8646->8648 8649 4033e1 8647->8649 8650 4033d4 SetLastError 8647->8650 
8648->8585 8648->8586 8648->8587 8649->8648 8651 4033ea 8649->8651 8653 4033f8 FindFirstFileW 8649->8653 8650->8648 8733 403386 8651->8733 8653->8651 8654 40340b FindClose CompareFileTime 8653->8654 8654->8648 8654->8651 8656 40c0e1 8655->8656 8657 40c102 VariantClear 8656->8657 8658 40c119 8656->8658 8657->8552 8658->8552 8660 40279d 2 API calls 8659->8660 8661 40373e 8660->8661 8662 40119e 2 API calls 8661->8662 8664 40374e 8661->8664 8662->8664 8665 40379c GetSystemTimeAsFileTime GetFileAttributesW 8664->8665 8668 403840 8664->8668 8771 401ba1 CreateDirectoryW 8664->8771 8666 4037b1 8665->8666 8667 4037bb 8665->8667 8669 4033b3 22 API calls 8666->8669 8670 401ba1 4 API calls 8667->8670 8674 4037c1 ??3@YAXPAX 8667->8674 8671 403870 8668->8671 8668->8674 8669->8667 8681 4037ce 8670->8681 8673 408dd2 57 API calls 8671->8673 8672 4037d3 8777 408dd2 8672->8777 8678 40387a ??3@YAXPAX 8673->8678 8680 403885 8674->8680 8676 403834 ??3@YAXPAX 8676->8680 8677 4037e6 memcpy 8677->8681 8678->8680 8680->8571 8681->8672 8681->8676 8681->8677 8682 401ba1 4 API calls 8681->8682 8682->8681 8799 40c002 8683->8799 8687 40119e 2 API calls 8686->8687 8688 401384 8687->8688 8688->8594 8690 40136a 2 API calls 8689->8690 8691 412866 8690->8691 8691->8626 8719 40c153 8692->8719 8695 40c1a9 ??3@YAXPAX 8695->8629 8696 40c18e 8696->8695 8697 40c193 _CxxThrowException 8696->8697 8697->8695 8699 40c0e1 VariantClear 8698->8699 8700 40c136 8699->8700 8701 40c13a memcpy 8700->8701 8702 40c14f 8700->8702 8701->8702 8702->8630 8704 40c1e3 8703->8704 8705 40c1de 8703->8705 8704->8629 8706 40c153 VariantClear 8705->8706 8706->8704 8708 40c203 8707->8708 8709 40c1fe 8707->8709 8708->8629 8710 40c153 VariantClear 8709->8710 8710->8708 8712 40c1be 8711->8712 8713 40c1b9 8711->8713 8712->8629 8714 40c153 VariantClear 8713->8714 8714->8712 8716 40f520 8715->8716 8717 40f53c 8716->8717 8726 40c21c 8716->8726 8717->8629 8722 40c0e1 8719->8722 8721 40c15b SysAllocString 8721->8695 8721->8696 8725 40c0e9 
8722->8725 8723 40c102 VariantClear 8723->8721 8724 40c119 8724->8721 8725->8723 8725->8724 8727 40c225 8726->8727 8728 40c22a 8726->8728 8729 40c153 VariantClear 8727->8729 8728->8717 8729->8728 8731 40140b 2 API calls 8730->8731 8732 401465 8731->8732 8732->8645 8739 40301f 8733->8739 8735 40338f 8736 4033b0 8735->8736 8737 403394 GetLastError 8735->8737 8736->8648 8738 40339f 8737->8738 8738->8648 8740 403028 8739->8740 8741 40302c GetFileAttributesW 8739->8741 8740->8735 8742 403042 8741->8742 8743 40303d 8741->8743 8744 403060 8742->8744 8745 403046 SetFileAttributesW 8742->8745 8743->8735 8750 402f12 8744->8750 8746 403053 DeleteFileW 8745->8746 8747 40305c 8745->8747 8746->8735 8747->8735 8751 40279d ??2@YAPAXI ??3@YAXPAX 8750->8751 8752 402f29 8751->8752 8753 4027ee ??2@YAPAXI ??3@YAXPAX 8752->8753 8754 402f36 FindFirstFileW 8753->8754 8755 402f58 8754->8755 8756 402fee SetFileAttributesW 8754->8756 8757 40139c ??2@YAPAXI ??3@YAXPAX 8755->8757 8758 403011 ??3@YAXPAX 8755->8758 8762 401552 ??2@YAPAXI ??3@YAXPAX 8755->8762 8763 4027ee ??2@YAPAXI ??3@YAXPAX 8755->8763 8764 402f88 lstrcmpW 8755->8764 8765 402fbd SetFileAttributesW 8755->8765 8766 402fd1 FindNextFileW 8755->8766 8770 402f12 ??2@YAPAXI ??3@YAXPAX 8755->8770 8756->8758 8759 402ff9 RemoveDirectoryW 8756->8759 8757->8755 8761 403019 8758->8761 8759->8758 8760 403006 ??3@YAXPAX 8759->8760 8760->8761 8761->8735 8762->8755 8763->8755 8764->8766 8767 402f9e lstrcmpW 8764->8767 8765->8758 8768 402fc6 DeleteFileW 8765->8768 8766->8755 8769 402fe7 FindClose 8766->8769 8767->8755 8767->8766 8768->8755 8769->8756 8770->8755 8772 401be2 8771->8772 8773 401bb2 GetLastError 8771->8773 8772->8664 8774 401bcc GetFileAttributesW 8773->8774 8776 401bc1 8773->8776 8774->8772 8774->8776 8775 401bc2 SetLastError 8775->8664 8776->8772 8776->8775 8778 4021b3 19 API calls 8777->8778 8779 408de6 wvsprintfW 8778->8779 8780 408eb5 8779->8780 8781 408e07 GetLastError FormatMessageW 8779->8781 8784 408cee 27 API calls 
8780->8784 8782 408e35 FormatMessageW 8781->8782 8783 408e4a lstrlenW lstrlenW ??2@YAPAXI lstrcpyW lstrcpyW 8781->8783 8782->8780 8782->8783 8788 408cee 8783->8788 8786 408ec1 8784->8786 8786->8674 8789 408d63 ??3@YAXPAX LocalFree 8788->8789 8790 408cfd 8788->8790 8789->8786 8791 407cb6 4 API calls 8790->8791 8792 408d0c IsWindow 8791->8792 8793 408d35 8792->8793 8794 408d23 IsBadReadPtr 8792->8794 8795 407d17 22 API calls 8793->8795 8794->8793 8796 408d5b 8795->8796 8798 407a8a ??3@YAXPAX 8796->8798 8798->8789 8800 40bfe5 2 API calls 8799->8800 8801 401a72 8800->8801 8801->8591 8801->8592 8803 40be4b FindCloseChangeNotification 8802->8803 8804 40bf27 8803->8804 8805 40bf50 8804->8805 8806 40bf2b CreateFileW 8804->8806 8805->8534 8806->8805 8807 409f10 8810 402788 8807->8810 8811 4026fb 47 API calls 8810->8811 8812 402791 8811->8812 8813 402796 8812->8813 8814 402797 malloc 8812->8814 8830 40e827 _EH_prolog 8842 40e85a 8830->8842 8831 40e987 8865 4011fd 8831->8865 8833 40e640 _CxxThrowException ??2@YAPAXI memcpy ??3@YAXPAX 8833->8842 8834 40e9b1 8837 40e9be ??2@YAPAXI 8834->8837 8835 40e99c 8916 40e585 8835->8916 8857 40e9d8 8837->8857 8838 40e7fd 17 API calls 8838->8842 8839 40c419 12 API calls ctype 8839->8842 8842->8831 8842->8833 8842->8838 8842->8839 8863 40e87c 8842->8863 8909 40e717 8842->8909 8913 40e563 8842->8913 8843 40ea22 8919 40e690 8843->8919 8844 40ea85 ??2@YAPAXI 8844->8857 8846 40e690 12 API calls 8846->8857 8850 40e585 ctype 12 API calls 8850->8857 8852 40eb02 8853 40e690 12 API calls 8852->8853 8854 40eb27 8853->8854 8855 40e585 ctype 12 API calls 8854->8855 8855->8863 8857->8843 8857->8844 8857->8846 8857->8850 8857->8852 8858 40ebc5 8857->8858 8857->8863 8875 40f112 8857->8875 8879 40e008 8857->8879 8922 40ed7f ??2@YAPAXI 8857->8922 8924 40f0bf 8857->8924 8860 40e690 12 API calls 8858->8860 8861 40ebe4 8860->8861 8862 40e585 ctype 12 API calls 8861->8862 8862->8863 8866 401261 SendMessageW 8865->8866 8867 40120b GetDiskFreeSpaceExW 8865->8867 
8868 401249 8866->8868 8867->8866 8869 401223 8867->8869 8868->8834 8868->8835 8869->8866 8870 4021b3 19 API calls 8869->8870 8871 40123c 8870->8871 8872 408d65 27 API calls 8871->8872 8873 401242 8872->8873 8873->8868 8874 40125a 8873->8874 8874->8866 8876 40f13b 8875->8876 8928 40ef75 8876->8928 8932 40ffea 8879->8932 8882 40e025 8882->8857 8884 40e071 ??2@YAPAXI 8893 40e059 8884->8893 8885 40e139 8950 40dcfd 8885->8950 8887 40e095 ??2@YAPAXI 8887->8893 8893->8884 8893->8885 8893->8887 8983 40db28 ??2@YAPAXI 8893->8983 8910 40e726 8909->8910 8912 40e72c 8909->8912 8910->8842 8911 40e742 _CxxThrowException 8911->8910 8912->8910 8912->8911 8914 40c39f 4 API calls 8913->8914 8915 40e56b 8914->8915 8915->8842 8917 40c397 ctype 12 API calls 8916->8917 8918 40e593 8917->8918 8920 40db12 ctype 12 API calls 8919->8920 8921 40e69b 8920->8921 8923 40edb1 8922->8923 8923->8857 8925 40f0c4 8924->8925 8926 40f0eb 8925->8926 8927 40ee54 112 API calls 8925->8927 8926->8857 8927->8925 8931 40ef7a 8928->8931 8929 40efb0 8929->8857 8930 40ee54 112 API calls 8930->8931 8931->8929 8931->8930 8933 410003 8932->8933 8948 40e021 8932->8948 8933->8948 9016 40fdcb 8933->9016 8935 4101dd 8937 40c419 ctype 12 API calls 8935->8937 8936 40fdcb 16 API calls 8939 41009f 8936->8939 8937->8948 8939->8935 8940 4100cf 8939->8940 9023 40c419 8940->9023 8942 410155 8944 40c419 ctype 12 API calls 8942->8944 8943 4100d8 8943->8942 8945 40d7b5 _CxxThrowException ??2@YAPAXI memcpy ??3@YAXPAX 8943->8945 8946 410191 8944->8946 8945->8943 8947 40c419 ctype 12 API calls 8946->8947 8947->8948 8948->8882 8949 406edf InitializeCriticalSection 8948->8949 8949->8893 9104 40d794 8950->9104 8984 40db37 8983->8984 9130 40d7b5 8984->9130 9017 40c397 ctype 12 API calls 9016->9017 9018 40fdd7 9017->9018 9027 40c2ce 9018->9027 9020 40fdf3 9020->8935 9020->8936 9021 40fde1 9021->9020 9022 40e563 4 API calls 9021->9022 9022->9021 9024 40c3f8 9023->9024 9035 40c2ba 9024->9035 9028 40c362 9027->9028 9029 40c2e1 9027->9029 
9028->9021 9030 40c2f0 _CxxThrowException 9029->9030 9031 40c320 ??2@YAPAXI 9029->9031 9032 40c352 ??3@YAXPAX 9029->9032 9030->9029 9031->9029 9033 40c336 memcpy 9031->9033 9032->9028 9033->9032 9040 401d26 VirtualFree 9035->9040 9042 4026c6 ??3@YAXPAX ??3@YAXPAX 9035->9042 9043 40b7f0 9035->9043 9047 409f20 9035->9047 9050 40df18 9035->9050 9036 40c2cb ??3@YAXPAX 9036->8943 9040->9036 9042->9036 9044 40b816 9043->9044 9045 401d3f free 9044->9045 9046 40b83c 9045->9046 9046->9036 9048 401d3f free 9047->9048 9049 409f2a 9048->9049 9049->9036 9054 40df2d 9050->9054 9051 40df5b 9070 40c3c7 9051->9070 9054->9051 9057 40dcb6 9054->9057 9074 40d765 9057->9074 9060 40c419 ctype 12 API calls 9061 40dccf 9060->9061 9062 40c419 ctype 12 API calls 9061->9062 9063 40dcda 9062->9063 9064 40db12 ctype 12 API calls 9063->9064 9065 40dce5 9064->9065 9066 40db12 ctype 12 API calls 9065->9066 9067 40dced 9066->9067 9082 40dc88 9067->9082 9071 40c3db 9070->9071 9072 40c3ef 9071->9072 9103 40c368 memmove 9071->9103 9072->9036 9075 40d774 9074->9075 9076 40d77a 9074->9076 9091 406e83 SetEvent 9075->9091 9078 40d790 9076->9078 9094 406e27 WaitForSingleObject 9076->9094 9078->9060 9080 40d78a 9095 406dfd 9080->9095 9083 40d765 5 API calls 9082->9083 9084 40dc96 9083->9084 9085 406dfd 2 API calls 9084->9085 9086 40dc9f 9085->9086 9087 406dfd 2 API calls 9086->9087 9088 40dca8 9087->9088 9089 406dfd 2 API calls 9088->9089 9090 40dcb1 9089->9090 9099 406de7 9091->9099 9093 406e95 9093->9076 9094->9080 9096 406e1d 9095->9096 9097 406e08 CloseHandle 9095->9097 9096->9078 9097->9096 9098 406e13 GetLastError 9097->9098 9098->9096 9100 406df1 GetLastError 9099->9100 9101 406dee 9099->9101 9102 406dfb 9100->9102 9101->9093 9102->9093 9103->9072 9105 40c397 ctype 12 API calls 9104->9105 9106 40d79c 9105->9106 9107 40c397 ctype 12 API calls 9106->9107 9108 40d7a4 9107->9108 9109 40c397 ctype 12 API calls 9108->9109 9110 40d7ac 9109->9110 9133 40c39f 9130->9133 9134 40c3c6 9133->9134 9135 40c3a7 
9133->9135 9134->8893 9136 40c2ce 4 API calls 9135->9136 9136->9134 9269 412dcf __set_app_type __p__fmode __p__commode 9270 412e3e 9269->9270 9271 412e52 9270->9271 9272 412e46 __setusermatherr 9270->9272 9281 412f46 _controlfp 9271->9281 9272->9271 9274 412e57 _initterm __getmainargs _initterm 9275 412eab GetStartupInfoA 9274->9275 9277 412edf GetModuleHandleA 9275->9277 9282 406da1 _EH_prolog 9277->9282 9281->9274 9285 405750 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z 9282->9285 9642 401d4d GetModuleHandleW CreateWindowExW 9285->9642 9288 406d80 MessageBoxA 9290 406d97 exit _XcptFilter 9288->9290 9289 40578e 9289->9288 9291 4057a8 9289->9291 9292 401484 2 API calls 9291->9292 9293 4057df 9292->9293 9294 401484 2 API calls 9293->9294 9295 4057ea 9294->9295 9645 4044f2 9295->9645 9300 4027ee 2 API calls 9301 405828 9300->9301 9654 402e02 9301->9654 9303 405831 9668 404424 9303->9668 9307 405850 _wtol 9309 405866 9307->9309 9673 404932 #17 9309->9673 9310 404424 3 API calls 9311 405896 9310->9311 9312 4058d0 9311->9312 9313 40589c 9311->9313 9315 404424 3 API calls 9312->9315 9839 404ec8 9313->9839 9316 4058db 9315->9316 9317 4058e1 9316->9317 9318 4058ec 9316->9318 9861 4052d6 9317->9861 9321 404424 3 API calls 9318->9321 9319 4058a3 ??3@YAXPAX 9856 40453f 9319->9856 9327 4058fb 9321->9327 9323 4058b4 ??3@YAXPAX ??3@YAXPAX 9323->9290 9324 405930 GetModuleFileNameW 9325 405942 9324->9325 9326 405954 9324->9326 9329 408dd2 57 API calls 9325->9329 9330 404424 3 API calls 9326->9330 9327->9324 9328 40119e 2 API calls 9327->9328 9328->9324 9367 4058a1 9329->9367 9341 405976 9330->9341 9331 405b12 9332 4013d5 2 API calls 9331->9332 9333 405b22 9332->9333 9334 4013d5 2 API calls 9333->9334 9338 405b2f 9334->9338 9335 405a67 9337 404424 3 API calls 9335->9337 9336 405a34 9336->9335 9340 405a50 _wtol 9336->9340 9336->9367 9349 405ac6 9337->9349 9339 405bb4 9338->9339 9343 40139c 2 API calls 9338->9343 9699 4023cc 9339->9699 9340->9335 9341->9331 9341->9335 9341->9336 9341->9367 
9869 401552 9341->9869 9345 405b64 9343->9345 9348 40139c 2 API calls 9345->9348 9347 40139c 2 API calls 9350 405bda ??2@YAPAXI 9347->9350 9354 405b7a 9348->9354 9349->9331 9351 404ac6 2 API calls 9349->9351 9352 405be6 9350->9352 9353 405af7 9351->9353 9702 40bf94 9352->9702 9353->9331 9355 4013d5 2 API calls 9353->9355 9356 4013d5 2 API calls 9354->9356 9355->9331 9357 405ba4 9356->9357 9359 4021b3 19 API calls 9357->9359 9361 405bab 9359->9361 9364 4027ee 2 API calls 9361->9364 9362 405c13 9365 408dd2 57 API calls 9362->9365 9363 405c39 9705 40284f 9363->9705 9364->9339 9365->9367 9367->9319 9370 405c4e 9371 405c54 9370->9371 9372 405c78 9370->9372 9373 408dd2 57 API calls 9371->9373 9374 405d0a 9372->9374 9376 404424 3 API calls 9372->9376 9375 405c5c ??3@YAXPAX 9373->9375 9377 40c397 ctype 12 API calls 9374->9377 9375->9367 9379 405c8f 9376->9379 9378 405d12 9377->9378 9380 405d37 9378->9380 9898 40342c 9378->9898 9379->9374 9387 405c95 9379->9387 9382 405cee ??3@YAXPAX 9380->9382 9401 405d40 9380->9401 9382->9367 9384 405d2c ??3@YAXPAX 9384->9367 9385 405db1 9739 404b35 9385->9739 9386 405d4c wsprintfW 9389 401484 2 API calls 9386->9389 9387->9382 9872 4054f0 9387->9872 9389->9401 9391 405cc4 9391->9382 9393 405cca 9391->9393 9392 401484 2 API calls 9392->9401 9394 408dd2 57 API calls 9393->9394 9395 405cd2 ??3@YAXPAX 9394->9395 9395->9367 9396 4021b3 19 API calls 9396->9401 9397 406035 9400 404b35 26 API calls 9397->9400 9398 40139c ??2@YAPAXI ??3@YAXPAX 9398->9401 9399 404247 lstrlenW lstrlenW _wcsnicmp 9445 405dba 9399->9445 9402 406044 9400->9402 9401->9385 9401->9386 9401->9392 9401->9396 9401->9398 9927 403305 ??2@YAPAXI 9401->9927 9933 4026c6 ??3@YAXPAX ??3@YAXPAX 9401->9933 9403 4061cc 9402->9403 9959 40247a AllocateAndInitializeSid 9402->9959 9798 4026dc 9403->9798 9409 40627d 9801 404620 9409->9801 9411 406069 9414 401484 2 API calls 9411->9414 9412 40279d 2 API calls 9455 4061e4 9412->9455 9416 406071 9414->9416 9419 401484 2 API calls 9416->9419 
9417 406310 CoInitialize 9426 4026dc lstrcmpW 9417->9426 9418 4062a4 9421 4026dc lstrcmpW 9418->9421 9422 406079 GetCommandLineW 9419->9422 9425 4062b3 9421->9425 9427 404ac6 2 API calls 9422->9427 9423 40627f ??3@YAXPAX 9423->9409 9424 401484 ??2@YAPAXI ??3@YAXPAX 9424->9455 9428 4062c3 9425->9428 9431 4021b3 19 API calls 9425->9431 9429 406336 9426->9429 9430 406089 9427->9430 9996 4041d7 9428->9996 9432 40634a 9429->9432 9435 40139c 2 API calls 9429->9435 9433 40279d 2 API calls 9430->9433 9431->9428 9437 4041f0 16 API calls 9432->9437 9436 406094 9433->9436 9435->9432 9962 4048d8 9436->9962 9441 406350 9437->9441 9439 4013d5 2 API calls 9439->9455 9443 4026dc lstrcmpW 9441->9443 9442 407d17 22 API calls 9444 4062e6 9442->9444 9447 40635f 9443->9447 9999 407a8a ??3@YAXPAX 9444->9999 9445->9397 9445->9399 9471 405f99 _wtol 9445->9471 9499 406179 ??3@YAXPAX 9445->9499 9934 404d7f 9445->9934 9945 404677 9445->9945 9452 406373 9447->9452 9453 406366 _wtol 9447->9453 9449 40139c 2 API calls 9449->9455 9457 406399 9452->9457 10000 408f94 9452->10000 9453->9452 9454 4062f1 ??3@YAXPAX 9454->9367 9455->9409 9455->9412 9455->9423 9455->9424 9455->9439 9455->9449 9458 403305 7 API calls 9455->9458 9995 4026c6 ??3@YAXPAX ??3@YAXPAX 9455->9995 9456 4048f6 2 API calls 9459 4060cc 9456->9459 9462 406384 ??3@YAXPAX 9457->9462 9488 4063ad 9457->9488 10016 408ec7 9457->10016 9458->9455 9972 404914 9459->9972 9462->9457 9466 40625a ??3@YAXPAX 9469 4026dc lstrcmpW 9466->9469 9467 4026dc lstrcmpW 9467->9488 9468 40157d 2 API calls 9470 4060e6 9468->9470 9469->9455 9472 4013d5 2 API calls 9470->9472 9471->9445 9475 4060f2 7 API calls 9472->9475 9473 401484 2 API calls 9473->9488 9977 404f96 9475->9977 9477 406532 ??3@YAXPAX 9477->9367 9478 4063eb GetKeyState 9478->9488 9479 40613b 9480 406145 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9479->9480 9481 406196 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9479->9481 9484 40616c 9480->9484 9481->9319 9483 4061c1 9481->9483 9482 406592 
9485 4065c8 9482->9485 9486 40659a 9482->9486 9483->9319 9484->9367 9489 40136a 2 API calls 9485->9489 10064 404571 9486->10064 9488->9467 9488->9473 9488->9477 9488->9478 9488->9482 9491 401552 ??2@YAPAXI ??3@YAXPAX 9488->9491 9500 406582 ??3@YAXPAX ??3@YAXPAX 9488->9500 9501 406527 ??3@YAXPAX 9488->9501 9502 40654f 9488->9502 9503 40139c ??2@YAPAXI ??3@YAXPAX 9488->9503 10043 408474 9488->10043 10056 4084f2 9488->10056 9493 4065d6 9489->9493 9491->9488 9496 4041f0 16 API calls 9493->9496 9495 4013d5 2 API calls 9497 4065b7 ??3@YAXPAX 9495->9497 9498 4065df 9496->9498 9508 4065ff 9497->9508 9504 4065f0 ??3@YAXPAX 9498->9504 9506 4013d5 2 API calls 9498->9506 9499->9367 9500->9367 9501->9488 9505 408dd2 57 API calls 9502->9505 9503->9488 9504->9508 9507 40655b ??3@YAXPAX ??3@YAXPAX 9505->9507 9506->9504 9507->9367 9509 406649 9508->9509 9510 40663c 9508->9510 10077 408532 9509->10077 9807 401758 ??2@YAPAXI 9510->9807 9513 406645 9514 406686 9513->9514 9515 40665b 9513->9515 9516 404620 22 API calls 9514->9516 9824 4044dc 9515->9824 9517 40668b 9516->9517 9520 406c7c 9517->9520 9521 401484 2 API calls 9517->9521 9523 406cf4 9520->9523 9524 4026dc lstrcmpW 9520->9524 9522 4066a9 9521->9522 9567 4066bc 9522->9567 10085 404a70 9522->10085 9526 406d37 ??3@YAXPAX ??3@YAXPAX 9523->9526 9531 4026dc lstrcmpW 9523->9531 9529 406cad 9524->9529 9527 406d50 9526->9527 9528 406d56 ??3@YAXPAX 9526->9528 9527->9528 9530 40453f 13 API calls 9528->9530 9529->9523 10149 4044c3 9529->10149 9532 406d67 ??3@YAXPAX ??3@YAXPAX 9530->9532 9533 406d13 9531->9533 9532->9290 9533->9526 9538 406d20 9533->9538 9534 401484 ??2@YAPAXI ??3@YAXPAX 9534->9567 9536 4066eb 9539 406b12 ??3@YAXPAX ??3@YAXPAX 9536->9539 9540 4066f8 9536->9540 9543 40136a 2 API calls 9538->9543 9547 406c1b 9539->9547 9545 4048f6 2 API calls 9540->9545 9541 4026dc lstrcmpW 9541->9567 9542 407d17 22 API calls 9546 406ce9 9542->9546 9544 406d2f 9543->9544 10153 405333 9544->10153 9550 406714 9545->9550 10152 407a8a 
??3@YAXPAX 9546->10152 9548 406c73 ??3@YAXPAX 9547->9548 9553 404620 22 API calls 9547->9553 9548->9520 9555 4048f6 2 API calls 9550->9555 9551 406758 9556 40139c 2 API calls 9551->9556 9557 406c2a 9553->9557 9558 406721 9555->9558 9559 406761 9556->9559 9829 404ddd 9557->9829 9561 4013d5 2 API calls 9558->9561 9563 404224 20 API calls 9559->9563 9566 40672d ??3@YAXPAX ??3@YAXPAX GetFileAttributesW 9561->9566 9562 406b78 ??3@YAXPAX ??3@YAXPAX 9562->9547 9579 40676a 9563->9579 9564 40139c 2 API calls 9564->9567 9565 406c43 SetCurrentDirectoryW 9568 404ddd 4 API calls 9565->9568 9569 406754 9566->9569 9570 406b29 9566->9570 9567->9534 9567->9536 9567->9541 9567->9551 9567->9562 9567->9564 9571 401552 2 API calls 9567->9571 9572 406c6b 9568->9572 9569->9551 9573 4044dc 16 API calls 9570->9573 9574 4067f8 ??3@YAXPAX ??3@YAXPAX 9571->9574 9575 4044dc 16 API calls 9572->9575 9576 406b2e 9573->9576 9574->9567 9575->9548 9577 408dd2 57 API calls 9576->9577 9578 406b37 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9577->9578 9578->9367 9578->9484 9580 406897 _wtol 9579->9580 9581 404281 lstrlenW lstrlenW _wcsnicmp 9579->9581 9582 40695b 9579->9582 9580->9579 9581->9579 9583 406964 9582->9583 9584 4069b6 9582->9584 9585 406989 9583->9585 9586 40696a 9583->9586 9587 4013d5 2 API calls 9584->9587 9588 40139c 2 API calls 9585->9588 9589 40139c 2 API calls 9586->9589 9590 4069b4 9587->9590 9592 406987 9588->9592 9591 406975 9589->9591 9593 4027ee 2 API calls 9590->9593 9594 4027ee 2 API calls 9591->9594 9596 4026dc lstrcmpW 9592->9596 9595 4069c8 9593->9595 9598 40697e 9594->9598 9597 401484 2 API calls 9595->9597 9599 40699e 9596->9599 9600 4069d0 9597->9600 9601 4027ee 2 API calls 9598->9601 9599->9595 9603 4027ee 2 API calls 9599->9603 9602 404ac6 2 API calls 9600->9602 9601->9592 9604 4069dd 9602->9604 9603->9590 9605 40279d 2 API calls 9604->9605 9606 4069e8 9605->9606 9607 404224 20 API calls 9606->9607 9608 4069f1 9607->9608 9609 406acc 9608->9609 10094 402449 
APIs
• ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z.MSVCRT ref: 00405763
  • Part of subcall function 00401D4D: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401D59
  • Part of subcall function 00401D4D: CreateWindowExW.USER32(00000000,Static,004144C8,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00401D76
  • Part of subcall function 00401D4D: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00401D88
  • Part of subcall function 00401D4D: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00401D95
  • Part of subcall function 00401D4D: DispatchMessageW.USER32(?), ref: 00401D9F
  • Part of subcall function 00401D4D: KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DA8
  • Part of subcall function 00401D4D: KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DAF
• GetVersionExW.KERNEL32(?,?,00000000), ref: 00405780
• GetCommandLineW.KERNEL32(?,00000020,?,00000000), ref: 00405811
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402E75
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402E90
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402E98
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402F08
  • Part of subcall function 00404424: lstrlenW.KERNEL32(00405844,00000000,00000020,-00000002,00405844,-00000002,00000000,00000000,00000000), ref: 00404458
  • Part of subcall function 00404424: lstrlenW.KERNEL32(?), ref: 00404460
• _wtol.MSVCRT(-00000002,00000000,00000000), ref: 00405854
• ??3@YAXPAX@Z.MSVCRT ref: 004058A6
• ??3@YAXPAX@Z.MSVCRT ref: 004058BA
• ??3@YAXPAX@Z.MSVCRT ref: 004058C2
• GetModuleFileNameW.KERNEL32(00000000,00000208,00000000,00000000), ref: 00405938
• _wtol.MSVCRT(-00000002), ref: 00405A54
• ??2@YAPAXI@Z.MSVCRT ref: 00405BDC
• ??3@YAXPAX@Z.MSVCRT ref: 00405C5F
• ??3@YAXPAX@Z.MSVCRT ref: 00405CD5
• ??3@YAXPAX@Z.MSVCRT ref: 00405CF1
• ??3@YAXPAX@Z.MSVCRT ref: 00405D2F
• wsprintfW.USER32 ref: 00405D59
  • Part of subcall function 00403305: ??2@YAPAXI@Z.MSVCRT ref: 0040330A
  • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026CC
  • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026D3
• GetCommandLineW.KERNEL32(?,?,00000000,0000000A), ref: 0040607D
  • Part of subcall function 00404247: lstrlenW.KERNEL32(|g@,00000000,?,00000000,0040428E,00000000,00000000,0040677C,?,waitall,00000000,00000000,?,?,004187D0), ref: 00404254
  • Part of subcall function 00404247: lstrlenW.KERNEL32(?,?,?,004187D0), ref: 0040425D
  • Part of subcall function 00404247: _wcsnicmp.MSVCRT ref: 00404269
• _wtol.MSVCRT(00000002,?,00000000,0000000A), ref: 00405F9A
• ??3@YAXPAX@Z.MSVCRT ref: 004060F5
• ??3@YAXPAX@Z.MSVCRT ref: 004060FD
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406105
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040610D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406115
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,000000FF,?,?,?,?,00000000), ref: 00406121
                                                                                                                                                                                                    • SetProcessWorkingSetSize.KERNEL32(00000000), ref: 00406128
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406145
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040614D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406155
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040615D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040617C
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406196
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040619E
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004061A6
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004061AE
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040625D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004062F4
                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00406321
                                                                                                                                                                                                    • _wtol.MSVCRT(00000000), ref: 00406367
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406389
                                                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 004063ED
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406527
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406535
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040655E
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406566
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406582
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040658A
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004065BA
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004065FA
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406663
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040666B
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406730
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040673B
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,00000000,AutoInstall,?,?,004187D0), ref: 00406745
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004067FF
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406807
                                                                                                                                                                                                    • _wtol.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040689B
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406A7A
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406A82
                                                                                                                                                                                                      • Part of subcall function 00404F96: memset.MSVCRT ref: 00404FBA
                                                                                                                                                                                                      • Part of subcall function 00404F96: ??3@YAXPAX@Z.MSVCRT ref: 00405013
                                                                                                                                                                                                      • Part of subcall function 00404F96: ??3@YAXPAX@Z.MSVCRT ref: 0040501B
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AA6
                                                                                                                                                                                                      • Part of subcall function 004023E1: LoadLibraryA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,00406ACC,00000000,?,?), ref: 004023F4
                                                                                                                                                                                                      • Part of subcall function 004023E1: GetProcAddress.KERNEL32(00000000), ref: 004023FB
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AEF
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AF7
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AFF
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406B05
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406B8F
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BB0
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BB8
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BC0
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BC6
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BCE
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BD6
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BDE
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BFD
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C05
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C0D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C13
                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,?,?,?,?,?,00000000,?,?), ref: 00406C4C
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C76
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406282
                                                                                                                                                                                                      • Part of subcall function 00407D17: ??3@YAXPAX@Z.MSVCRT ref: 00407D77
                                                                                                                                                                                                      • Part of subcall function 00407D17: ??3@YAXPAX@Z.MSVCRT ref: 00407D7F
                                                                                                                                                                                                      • Part of subcall function 00407A8A: ??3@YAXPAX@Z.MSVCRT ref: 00407A93
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D3A
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D42
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D59
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D6D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D75
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,Sorry, this program requires Microsoft Windows 2000 or later.,7-Zip SFX,00000010), ref: 00406D8E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$_wtol$lstrlen$Message$??2@CommandCurrentFileLineModuleProcessTimer$?_set_new_handler@@AddressAttributesCallbackCreateDirectoryDispatchDispatcherHandleInitializeKillLibraryLoadNameProcSizeStateUserVersionWindowWorking_wcsnicmpmemsetwsprintf
                                                                                                                                                                                                    • String ID: " -$7-Zip SFX$7ZipSfx.%03x$7zSfxString%d$AutoInstall$BeginPrompt$BeginPromptTimeout$Delete$ExecuteFile$ExecuteParameters$FinishMessage$GUIFlags$GUIMode$HelpText$InstallPath$MiscFlags$OverwriteMode$RunProgram$SelfDelete$SetEnvironment$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$amd64$bpt$del$forcenowait$hidcon$i386$nowait$setup.exe$sfxconfig$sfxelevation$sfxversion$sfxwaitall$shc$waitall$x64$x86
                                                                                                                                                                                                    • API String ID: 1141480454-1804565692
                                                                                                                                                                                                    • Opcode ID: 70ada06d190f9b080b1a6555411ee1e451d72c36f217fb2ecdd21aa89c461c22
                                                                                                                                                                                                    • Instruction ID: 839f8ad789dc81d3af8c82f495bd702834d4a62b9ebc11d4b30192562ff1c903
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70ada06d190f9b080b1a6555411ee1e451d72c36f217fb2ecdd21aa89c461c22
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9D2DE71904208AADB10AF61DD46AEF37A8EF40318F54403FF906B61E1EB7D99A1CB5D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 451186c113f653c617f2b4c303cd8cc1d100b7aa9b3bcf13a371010ef4c090fb
                                                                                                                                                                                                    • Instruction ID: 0cae968632e73b1968c90da9ca4dea23e5e4de3726d7a027592f3d205df29353
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 451186c113f653c617f2b4c303cd8cc1d100b7aa9b3bcf13a371010ef4c090fb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22B14A71900209EFCB14EFA5D8849EEB7B5FF44314B10852BF412BB2A1EB78A945CB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 947 4033b3-4033ca GetFileAttributesW 948 4033d0-4033d2 947->948 949 4033cc-4033ce 947->949 951 4033e1-4033e8 948->951 952 4033d4-4033df SetLastError 948->952 950 403429-40342b 949->950 953 4033f3-4033f6 951->953 954 4033ea-4033f1 call 403386 951->954 952->950 956 403426-403428 953->956 957 4033f8-403409 FindFirstFileW 953->957 954->950 956->950 957->954 959 40340b-403424 FindClose CompareFileTime 957->959 959->954 959->956
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,-00000001), ref: 004033C1
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000010), ref: 004033D6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1799206407-0
                                                                                                                                                                                                    • Opcode ID: 7f02d877fe96693e79d52cb70461d1cf76c14600a7221cb4648c6da81f4608cf
                                                                                                                                                                                                    • Instruction ID: 608ba71f646b69bc36d7accade446189952d3e61ba5e6ec9fefd2cffda7f1f25
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f02d877fe96693e79d52cb70461d1cf76c14600a7221cb4648c6da81f4608cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A01D6315001156BDB105FB4AC8D9DA3B5CAF51327F504632F922F11E0EB38D741465D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 830 412dcf-412e44 __set_app_type __p__fmode __p__commode call 412f5b 833 412e52-412ea9 call 412f46 _initterm __getmainargs _initterm 830->833 834 412e46-412e51 __setusermatherr 830->834 837 412ee5-412ee8 833->837 838 412eab-412eb3 833->838 834->833 841 412ec2-412ec6 837->841 842 412eea-412eee 837->842 839 412eb5-412eb7 838->839 840 412eb9-412ebc 838->840 839->838 839->840 840->841 843 412ebe-412ebf 840->843 844 412ec8-412eca 841->844 845 412ecc-412edd GetStartupInfoA 841->845 842->837 843->841 844->843 844->845 846 412ef0-412ef2 845->846 847 412edf-412ee3 845->847 848 412ef3-412f20 GetModuleHandleA call 406da1 exit _XcptFilter 846->848 847->848
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 801014965-0
                                                                                                                                                                                                    • Opcode ID: 329fb5ec40b1a3e22881c27b52012f5837425f84134cca069eaa34249d5edeef
                                                                                                                                                                                                    • Instruction ID: 4f71473f6c996e876dfffe8074da0a06471e4f97bcacb5e315fccfc2763ddc53
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 329fb5ec40b1a3e22881c27b52012f5837425f84134cca069eaa34249d5edeef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B241AEB4940348AFCB209FA4DD49AEA7BB8FB49710F20412FF841D7291DBB849D1DB59
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401D59
                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,Static,004144C8,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00401D76
                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00401D88
                                                                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00401D95
                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00401D9F
                                                                                                                                                                                                    • KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DA8
                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DAF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageTimer$CallbackCreateDispatchDispatcherHandleKillModuleUserWindow
                                                                                                                                                                                                    • String ID: Static
                                                                                                                                                                                                    • API String ID: 2479445380-2272013587
                                                                                                                                                                                                    • Opcode ID: 003be153fc8e0c227edcd4b239f3674ac5eb22499557d269a0105fd8ff32caa2
                                                                                                                                                                                                    • Instruction ID: eff3e12e9f1823bf2594ac1749915e0bfe43eaadbfefd36aad20e809da0bd704
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 003be153fc8e0c227edcd4b239f3674ac5eb22499557d269a0105fd8ff32caa2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF0F4715421257BDA202BA6AC4DFDF3E6CDFC6BB2F114261FA19A10D0DA784081C6B9
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 854 40371d-403743 lstrlenW call 40279d 857 403745-403749 call 40119e 854->857 858 40374e-40375a 854->858 857->858 860 403762-403768 858->860 861 40375c-403760 858->861 862 40376b-40376d 860->862 861->860 861->862 863 403791-40379a call 401ba1 862->863 866 403780-403782 863->866 867 40379c-4037af GetSystemTimeAsFileTime GetFileAttributesW 863->867 868 403784-403786 866->868 869 40376f-403777 866->869 870 4037b1-4037bf call 4033b3 867->870 871 4037c8-4037d1 call 401ba1 867->871 873 403840-403846 868->873 874 40378c 868->874 869->868 872 403779-40377d 869->872 870->871 886 4037c1-4037c3 870->886 882 4037e2-4037e4 871->882 883 4037d3-4037e0 call 408dd2 871->883 872->868 880 40377f 872->880 878 403870-403883 call 408dd2 ??3@YAXPAX@Z 873->878 879 403848-403853 873->879 874->863 893 403885-403889 878->893 879->878 884 403855-403859 879->884 880->866 889 403834-40383e ??3@YAXPAX@Z 882->889 890 4037e6-403805 memcpy 882->890 883->886 884->878 888 40385b-403860 884->888 892 403865-40386e ??3@YAXPAX@Z 886->892 888->878 895 403862-403864 888->895 889->893 896 403807 890->896 897 40381a-40381e 890->897 892->893 895->892 898 403819 896->898 899 403820-40382d call 401ba1 897->899 900 403809-403811 897->900 898->897 899->883 904 40382f-403832 899->904 900->899 901 403813-403817 900->901 901->898 901->899 904->889 904->890
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenW.KERNEL32(004017FB,00000000,?,?,?,?,?,?,004017FB,?), ref: 0040372A
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,004017FB,?,?,?,?,004017FB,?), ref: 004037A0
                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 004037A7
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403866
                                                                                                                                                                                                      • Part of subcall function 0040119E: ??2@YAPAXI@Z.MSVCRT ref: 004011BE
                                                                                                                                                                                                      • Part of subcall function 0040119E: ??3@YAXPAX@Z.MSVCRT ref: 004011E4
                                                                                                                                                                                                    • memcpy.MSVCRT ref: 004037F8
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403835
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040387B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$FileTime$??2@AttributesSystemlstrlenmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 846840743-0
                                                                                                                                                                                                    • Opcode ID: 75e82deebf4219ee601feba78d368a50ad9d49ea69c3682dd46ef2bf704f6b93
                                                                                                                                                                                                    • Instruction ID: 3276eaba2f91510ab784efe6cdcb99c4529a15556bd6a795246fe739cc12f76e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75e82deebf4219ee601feba78d368a50ad9d49ea69c3682dd46ef2bf704f6b93
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB41EBB6900115A6D720BF698945ABF7BBCEF00716F50817BF901B32C1E77C9A4242ED
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 905 40239b-4023ba LoadLibraryA GetProcAddress 906 4023c8-4023cb 905->906 907 4023bc-4023c7 GetNativeSystemInfo 905->907
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023AB
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 004023B2
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023C0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressInfoLibraryLoadNativeProcSystem
                                                                                                                                                                                                    • String ID: GetNativeSystemInfo$kernel32
                                                                                                                                                                                                    • API String ID: 2103483237-3846845290
                                                                                                                                                                                                    • Opcode ID: 29c8b91972701315efc4f7d7d8bddbd6f250053e02b88915a068c2978826be41
                                                                                                                                                                                                    • Instruction ID: afd952334ce5608e5f84ab2444d6511bb433925e4e51cff7b4d4dc1f25dbb455
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29c8b91972701315efc4f7d7d8bddbd6f250053e02b88915a068c2978826be41
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35D05EB070030877CB10EBB56D0EADB32F859C8B487100461A902F10C0EABCDE80C378
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@memcpymemmove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3549172513-0
                                                                                                                                                                                                    • Opcode ID: 6b02684eeb5e7b41fb38fd2ca6da54966698f13f169ef9e7084ae70f98d405d5
                                                                                                                                                                                                    • Instruction ID: 63a56fa8281db28ad90281e808061650b4139096c2ab0ad2d55df77e1dad3be2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b02684eeb5e7b41fb38fd2ca6da54966698f13f169ef9e7084ae70f98d405d5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B41A171A00208ABDB24DFA5C944AEEB7B4FF44744F14456EE841E7241D7B8EEC18B59
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _EH_prolog.MSVCRT ref: 0040E830
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040E9CE
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040EAA1
                                                                                                                                                                                                      • Part of subcall function 0040ED7F: ??2@YAPAXI@Z.MSVCRT ref: 0040EDA7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@$H_prolog
                                                                                                                                                                                                    • String ID: <]A
                                                                                                                                                                                                    • API String ID: 3431946709-3707672569
                                                                                                                                                                                                    • Opcode ID: 04cf34d8ff487bea99b6e38d770e7741b1dc371dfc0d2de79d58089e98610788
                                                                                                                                                                                                    • Instruction ID: fb09e060f7b5ded2eb6e5006c13314ba223be2c96fd0a2c6114c4de45a1c8ed0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04cf34d8ff487bea99b6e38d770e7741b1dc371dfc0d2de79d58089e98610788
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00F14970600208DFDB24DF6AC884AAA77E5BF48314F14496AFC16AB292DB39ED51CF54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • #17.COMCTL32(00000000,00000020,-00000002), ref: 0040493E
                                                                                                                                                                                                      • Part of subcall function 0040215D: GetUserDefaultUILanguage.KERNEL32(0040494E), ref: 00402167
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32(00000000,00000020,-00000002), ref: 00402202
                                                                                                                                                                                                      • Part of subcall function 004021B3: wsprintfW.USER32 ref: 00402213
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402228
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 0040222D
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 00402248
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000004), ref: 0040225B
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 00402262
                                                                                                                                                                                                      • Part of subcall function 004021B3: lstrcmpiW.KERNEL32(00000000,00404955), ref: 00402277
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??3@YAXPAX@Z.MSVCRT ref: 00402287
                                                                                                                                                                                                      • Part of subcall function 004021B3: SetLastError.KERNEL32(?), ref: 004022AE
                                                                                                                                                                                                      • Part of subcall function 004021B3: lstrlenA.KERNEL32(00415208), ref: 004022E2
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 004022FD
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 0040232F
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??3@YAXPAX@Z.MSVCRT ref: 004022A5
                                                                                                                                                                                                      • Part of subcall function 004021B3: _wtol.MSVCRT(?), ref: 00402340
                                                                                                                                                                                                      • Part of subcall function 004021B3: MultiByteToWideChar.KERNEL32(00000000,00415208,00000001,00000000,00000002), ref: 00402360
                                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000), ref: 004049C4
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004049DF
                                                                                                                                                                                                      • Part of subcall function 00403305: ??2@YAPAXI@Z.MSVCRT ref: 0040330A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$??2@$??3@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
                                                                                                                                                                                                    • String ID: 7zSfxFolder%02d
                                                                                                                                                                                                    • API String ID: 3387708999-2820892521
                                                                                                                                                                                                    • Opcode ID: f726563fb2b2250325101bcf8807e48b976bb1d9adb6114e41abcfa48ef34141
                                                                                                                                                                                                    • Instruction ID: ef9653e53972978df07657c60cee51bcb8c88d210e083c37f24b76d073d3d503
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f726563fb2b2250325101bcf8807e48b976bb1d9adb6114e41abcfa48ef34141
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38316371D002099BDB01FBA1ED8AADE7B78AB40304F14407FA619B61E1EFB956448B58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1138 402c1a-402c64 call 412c00 call 40c5fe lstrlenA * 2 1142 402c69-402c85 call 40c5ca 1138->1142 1144 402d55 1142->1144 1145 402c8b-402c90 1142->1145 1146 402d57-402d5b 1144->1146 1145->1144 1147 402c96-402ca0 1145->1147 1148 402ca3-402ca8 1147->1148 1149 402ce7-402cec 1148->1149 1150 402caa-402caf 1148->1150 1151 402d11-402d35 memmove 1149->1151 1152 402cee-402d01 memcmp 1149->1152 1150->1151 1153 402cb1-402cc4 memcmp 1150->1153 1158 402d44-402d4f 1151->1158 1159 402d37-402d3e 1151->1159 1156 402ce1-402ce5 1152->1156 1157 402d03-402d0f 1152->1157 1154 402d51-402d53 1153->1154 1155 402cca-402cd4 1153->1155 1154->1146 1155->1144 1160 402cd6-402cdc call 402957 1155->1160 1156->1148 1157->1148 1158->1146 1159->1158 1161 402c66 1159->1161 1160->1156 1161->1142
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00403D3A,00418818,?,?,00405C4E,00000000,00000000,?,?,?,00000000,-00000002), ref: 00402C4C
                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00403D3A,00418818,?,?,00405C4E,00000000,00000000,?,?,?,00000000,-00000002), ref: 00402C54
                                                                                                                                                                                                    • memcmp.MSVCRT ref: 00402CBA
                                                                                                                                                                                                    • memcmp.MSVCRT ref: 00402CF7
                                                                                                                                                                                                    • memmove.MSVCRT ref: 00402D29
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrlenmemcmp$memmove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3251180759-0
                                                                                                                                                                                                    • Opcode ID: a05ed66240b8c48cd1d6013260c459d9ae8ab5bba4ea14475bffcaa69264c57e
                                                                                                                                                                                                    • Instruction ID: b3b94cb524035ad5456d55853ae81138a361194cb35f605d71d704438a574b18
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a05ed66240b8c48cd1d6013260c459d9ae8ab5bba4ea14475bffcaa69264c57e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A417E72D0425AAFDF01DFA4C9889EEBBB9FF08344F14406AE805B3291D3B49E55CB55
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1165 40163d-401693 call 40114b call 40139c call 401552 CreateThread 1172 401695 call 408532 1165->1172 1173 40169a-4016b5 WaitForSingleObject 1165->1173 1172->1173 1175 4016b7-4016ba 1173->1175 1176 4016e9-4016ef 1173->1176 1177 4016bc-4016bf 1175->1177 1178 4016dd 1175->1178 1179 4016f1-401706 GetExitCodeThread 1176->1179 1180 40174d 1176->1180 1183 4016c1-4016c4 1177->1183 1184 4016d9-4016db 1177->1184 1185 4016df-4016e7 call 408dd2 1178->1185 1181 401710-40171b 1179->1181 1182 401708-40170a 1179->1182 1186 401752-401755 1180->1186 1188 401723-40172c 1181->1188 1189 40171d-40171e 1181->1189 1182->1181 1187 40170c-40170e 1182->1187 1190 4016d5-4016d7 1183->1190 1191 4016c6-4016c9 1183->1191 1184->1185 1185->1180 1187->1186 1194 401737-401743 SetLastError 1188->1194 1195 40172e-401735 1188->1195 1193 401720-401721 1189->1193 1190->1185 1196 4016d0-4016d3 1191->1196 1197 4016cb-4016ce 1191->1197 1199 401745-40174a call 408dd2 1193->1199 1194->1199 1195->1180 1195->1194 1196->1193 1197->1180 1197->1196 1199->1180
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,0040130F,00000000,00000000,?), ref: 00401681
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,?,00401821,?,?), ref: 004016A2
                                                                                                                                                                                                      • Part of subcall function 00408DD2: wvsprintfW.USER32(?,00000000,?), ref: 00408DF6
                                                                                                                                                                                                      • Part of subcall function 00408DD2: GetLastError.KERNEL32 ref: 00408E07
                                                                                                                                                                                                      • Part of subcall function 00408DD2: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00406BA8), ref: 00408E2F
                                                                                                                                                                                                      • Part of subcall function 00408DD2: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00406BA8), ref: 00408E44
                                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrlenW.KERNEL32(?), ref: 00408E57
                                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrlenW.KERNEL32(?), ref: 00408E5E
                                                                                                                                                                                                      • Part of subcall function 00408DD2: ??2@YAPAXI@Z.MSVCRT ref: 00408E73
                                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrcpyW.KERNEL32(00000000,?), ref: 00408E89
                                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrcpyW.KERNEL32(-00000002,?), ref: 00408E9A
                                                                                                                                                                                                      • Part of subcall function 00408DD2: ??3@YAXPAX@Z.MSVCRT ref: 00408EA3
                                                                                                                                                                                                      • Part of subcall function 00408DD2: LocalFree.KERNEL32(?), ref: 00408EAD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FormatMessagelstrcpylstrlen$??2@??3@CreateErrorFreeLastLocalObjectSingleThreadWaitwvsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 359084233-0
                                                                                                                                                                                                    • Opcode ID: 5784c911f70ec8615644968fb8a473c4f5c63dc6ffda89886972cfc35f3b4edb
                                                                                                                                                                                                    • Instruction ID: 7d3ff62e437ea0c91cf1abde2eedf7a668452c74c486bf28c73a25e4bfcfdf4b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5784c911f70ec8615644968fb8a473c4f5c63dc6ffda89886972cfc35f3b4edb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E31D171600200BBEB316B15DC49AAB36A9EB95750F34853FF416B62F0DA798881DB1D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1202 401ba1-401bb0 CreateDirectoryW 1203 401be2-401be6 1202->1203 1204 401bb2-401bbf GetLastError 1202->1204 1205 401bc1 1204->1205 1206 401bcc-401bd9 GetFileAttributesW 1204->1206 1207 401bc2-401bcb SetLastError 1205->1207 1206->1203 1208 401bdb-401bdd 1206->1208 1208->1203 1209 401bdf-401be0 1208->1209 1209->1207
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00403797,00000000,-00000001,00403797,?,004017FB,?,?,?,?,004017FB,?), ref: 00401BA8
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,004017FB,?), ref: 00401BB2
                                                                                                                                                                                                    • SetLastError.KERNEL32(000000B7,?,?,?,?,004017FB,?), ref: 00401BC2
                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 00401BD0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$AttributesCreateDirectoryFile
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 635176117-0
                                                                                                                                                                                                    • Opcode ID: 8f2a3c8d3dbd0b9b157f311614eca2aec544d8a8cefd4afcfa6ece4cce76612a
                                                                                                                                                                                                    • Instruction ID: f7db12ecad7dba541322b8e170da9c659b9c03f701e9f85f77f9de7f49b8af7a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f2a3c8d3dbd0b9b157f311614eca2aec544d8a8cefd4afcfa6ece4cce76612a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EFE012305581106BDB101FB4FC4CB9B7EA9AB95325F608975F469E41F4E3349C814559
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1210 403cbf-403cd1 call 40239b 1213 403cd3-403cd6 1210->1213 1214 403ced-403cf4 1210->1214 1215 403cd8-403cdb 1213->1215 1216 403cdd-403ceb 1213->1216 1217 403cfb 1214->1217 1218 403cfe-403d3f call 40284f * 3 call 403bce call 402c1a 1215->1218 1216->1217 1217->1218 1229 403d41 1218->1229 1230 403d45-403d59 call 40291f 1218->1230 1229->1230 1233 403da8-403daa 1230->1233 1234 403d5b-403d77 call 403bce call 402c1a 1233->1234 1235 403dac-403dd9 call 403bce call 402c1a 1233->1235 1242 403d7c-403d81 1234->1242 1244 403ddb 1235->1244 1245 403ddf-403df0 call 4029b5 1235->1245 1246 403da3-403da6 1242->1246 1247 403d83-403d86 1242->1247 1244->1245 1254 403e46-403e48 1245->1254 1246->1233 1249 403d94-403d9f call 4029b5 1247->1249 1250 403d88-403d8f call 40297f 1247->1250 1249->1246 1250->1249 1256 403df2-403e15 call 403bce call 402c1a 1254->1256 1257 403e4a-403e6c ??3@YAXPAX@Z * 3 1254->1257 1261 403e1a-403e1f 1256->1261 1262 403e41-403e44 1261->1262 1263 403e21-403e24 1261->1263 1262->1254 1264 403e32-403e3d call 4029b5 1263->1264 1265 403e26-403e2d call 40297f 1263->1265 1264->1262 1265->1264
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0040239B: LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023AB
                                                                                                                                                                                                      • Part of subcall function 0040239B: GetProcAddress.KERNEL32(00000000), ref: 004023B2
                                                                                                                                                                                                      • Part of subcall function 0040239B: GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023C0
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403E4D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403E55
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403E5D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$AddressInfoLibraryLoadNativeProcSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1642057587-0
                                                                                                                                                                                                    • Opcode ID: 6042af1b324c03e55860d3893d722feea57423bea14313fcf9d4a7c2317be7d3
                                                                                                                                                                                                    • Instruction ID: 4cbf597906b98135771b168b77b6eb183d18575d7e5ac8660be24c748504df3f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6042af1b324c03e55860d3893d722feea57423bea14313fcf9d4a7c2317be7d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A515EB2D00109ABDF01EFD1C9859FEBB7EAF58309F04402AF511B2191EB7D9A46DB54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1269 401758-40176f ??2@YAPAXI@Z 1270 401771-401778 call 40fb56 1269->1270 1271 40177a 1269->1271 1272 40177c-4017a8 call 401132 call 40c5fe 1270->1272 1271->1272 1279 4017c0-4017c9 call 408dd2 1272->1279 1280 4017aa-4017be call 40110a 1272->1280 1286 4017ca-4017cf 1279->1286 1280->1279 1285 4017e8-4017f2 1280->1285 1289 401800-40180a ??2@YAPAXI@Z 1285->1289 1290 4017f4-4017f6 call 40371d 1285->1290 1287 4017d1-4017d3 1286->1287 1288 4017d7-4017d9 1286->1288 1287->1288 1291 4017e1-4017e6 1288->1291 1292 4017db-4017dd 1288->1292 1294 401815 1289->1294 1295 40180c-401813 call 40149c 1289->1295 1297 4017fb-4017fe 1290->1297 1296 40183c-401840 1291->1296 1292->1291 1299 401817-40181c call 40163d 1294->1299 1295->1299 1297->1286 1297->1289 1302 401821-401828 1299->1302 1303 401830-401832 1302->1303 1304 40182a-40182c 1302->1304 1305 401834-401836 1303->1305 1306 40183a 1303->1306 1304->1303 1305->1306 1306->1296
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00401765
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00401802
                                                                                                                                                                                                      • Part of subcall function 0040371D: lstrlenW.KERNEL32(004017FB,00000000,?,?,?,?,?,?,004017FB,?), ref: 0040372A
                                                                                                                                                                                                      • Part of subcall function 0040371D: GetSystemTimeAsFileTime.KERNEL32(?,004017FB,?,?,?,?,004017FB,?), ref: 004037A0
                                                                                                                                                                                                      • Part of subcall function 0040371D: GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 004037A7
                                                                                                                                                                                                      • Part of subcall function 0040371D: ??3@YAXPAX@Z.MSVCRT ref: 00403866
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@FileTime$??3@AttributesSystemlstrlen
                                                                                                                                                                                                    • String ID: ExecuteFile
                                                                                                                                                                                                    • API String ID: 1306139538-323923146
                                                                                                                                                                                                    • Opcode ID: 5728c1b83bc4d1b9980e370ae573a7b0c9e39e3a3f34e0a4038bcb615272f731
                                                                                                                                                                                                    • Instruction ID: 696917977cc0af5d7a86523ea3cefee026201a0d6e9a1adebbd371a6d4f8659a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5728c1b83bc4d1b9980e370ae573a7b0c9e39e3a3f34e0a4038bcb615272f731
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B31C575700204ABDB24ABA5CC85D6F77A9EF84705728447FF401FB2A1DA39AD41CB28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1308 40d5b6-40d5c1 1309 40d600-40d602 1308->1309 1310 40d5c3-40d5c6 1308->1310 1311 40d5c8-40d5d6 ??2@YAPAXI@Z 1310->1311 1312 40d5ee 1310->1312 1313 40d5f0-40d5ff ??3@YAXPAX@Z 1311->1313 1314 40d5d8-40d5da 1311->1314 1312->1313 1313->1309 1315 40d5dc 1314->1315 1316 40d5de-40d5ec memmove 1314->1316 1315->1316 1316->1313
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@??3@memmove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3828600508-0
                                                                                                                                                                                                    • Opcode ID: 67b98665b8dcbfdd3e4d109b89c80be00f36e07207969b21e35def3519e69f6f
                                                                                                                                                                                                    • Instruction ID: d5dacd1b3fb98c21124dc1d33f48c6efd6003bf6c14ff8fbee7813475d9ee9aa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67b98665b8dcbfdd3e4d109b89c80be00f36e07207969b21e35def3519e69f6f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47F0E232B042006FC2305F6A9E8095BBBE9EBC4718314883FF95ED6351D634F8848628
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1033339047-0
                                                                                                                                                                                                    • Opcode ID: 681626a6d2388e1b46a499882a508d01bee9b587e2816172e644e9a69fa16b25
                                                                                                                                                                                                    • Instruction ID: 786736d933f003369f23863796d1619ed635801a4e32b20000a897f24b9a5b67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 681626a6d2388e1b46a499882a508d01bee9b587e2816172e644e9a69fa16b25
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1121771A00209DFCB14DFA6C8908A9BBB5FF48304B14497EF91AA7391DB39ED55CB44
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 0040271F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: GlobalMemoryStatus
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 1890195054-2766056989
                                                                                                                                                                                                    • Opcode ID: 10a1a0dca67190ae1b2f8bab539977c25a6fc9f7f1c138144fabb0a44fa63ec7
                                                                                                                                                                                                    • Instruction ID: c3a6faa0462241a280be2d9353c1e47863c81d4e618bf62eab88ba7ec8474a40
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10a1a0dca67190ae1b2f8bab539977c25a6fc9f7f1c138144fabb0a44fa63ec7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DF0AF306042088ACF15AB70DF4DA5A76A5BB00308F10463AE012F71D0DBF89981864C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0040FBFC: _CxxThrowException.MSVCRT(?,00416250), ref: 0040FC16
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00411C17
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00411D6F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                            • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$ExceptionThrow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2803161813-0
                                                                                                                                                                                                    • Opcode ID: b993efc40368fd69e6ac657a65e76f6bc64138533e57705c6864ce29429bcb79
                                                                                                                                                                                                    • Instruction ID: a4732db55583ca78181ff33f67714ccec4ec82aa11d2dee84a4e715c00db3ea7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b993efc40368fd69e6ac657a65e76f6bc64138533e57705c6864ce29429bcb79
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE814E70A04609ABCB24DFA5C991AEEF7B1BF08304F10452FE615A7761E738B984CB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@H_prolog
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1329742358-0
                                                                                                                                                                                                    • Opcode ID: 324c3a7cbfe9bcc9a0093a6b1fc01d4b03cfa3ecc6e1453f09a11163b89f0df4
                                                                                                                                                                                                    • Instruction ID: efb2f00d33aa1ccf63bb6429db99bdc6da243e5c394d73c928979b154fe646cf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 324c3a7cbfe9bcc9a0093a6b1fc01d4b03cfa3ecc6e1453f09a11163b89f0df4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B41C573800109AFCB25EBA5C945AEE7775EF05304B19813BE80177AE2D73C5E0D9A59
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000), ref: 00401219
                                                                                                                                                                                                    • SendMessageW.USER32(00008001,00000000,?), ref: 00401272
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DiskFreeMessageSendSpace
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 696007252-0
                                                                                                                                                                                                    • Opcode ID: 76c877f8e4e04b6b1800e0e3c37e02ee1ef8b0dd0ed0dfcb9a9652151f192eb4
                                                                                                                                                                                                    • Instruction ID: 6537aa89ce628f24a2eb9e1cdbee530b0aed1928fb96dd1290126444b22a0e58
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76c877f8e4e04b6b1800e0e3c37e02ee1ef8b0dd0ed0dfcb9a9652151f192eb4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4016D31214208AAEB11DB60DD85F9A37A9EB40700F6081BEF511FA1E0CB79A9508B1D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@??3@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1936579350-0
                                                                                                                                                                                                    • Opcode ID: c2f5fa9c0539de2c4a7f53d681735384437a504ee41f3ab63c15851ff9d6caec
                                                                                                                                                                                                    • Instruction ID: fbffce2cb9c5a4c22f50dad7d41ebaab4f040ab4d9ad274b237e9742f84e4579
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2f5fa9c0539de2c4a7f53d681735384437a504ee41f3ab63c15851ff9d6caec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41F0A436210611ABC334DF6DC591867B3E4FF88355720883FE6D6CB6A1DA71B890C754
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(?,?,?,00000000,?,?,0040628F,?,00000000,0000000A), ref: 0040465C
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404665
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@EnvironmentVariable
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3880889418-0
                                                                                                                                                                                                    • Opcode ID: 3fad0434c8b514149e26a75e0ec70fed15d72048ac8dbd9c11a1d63dc6b4c663
                                                                                                                                                                                                    • Instruction ID: c356e28fc434d8de4112928b3ac2c9ce4fff199355a5a9feefed93d50c0dffe7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fad0434c8b514149e26a75e0ec70fed15d72048ac8dbd9c11a1d63dc6b4c663
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFF03A76900118AFCB01AB94EC418CE77A8AF44704704807EF911E7161DF35A9518B88
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040BED1
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0040BEDF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                    • Opcode ID: 2dc8cee5598d33c9ccf099f17d10e976f116823a694517a44c1af7d0a77e4e36
                                                                                                                                                                                                    • Instruction ID: 58a5dddce790eb067e59aca2af7185a8748fd17e24e05fc10a277d90b8df01f0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2dc8cee5598d33c9ccf099f17d10e976f116823a694517a44c1af7d0a77e4e36
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF0B7B5900208EFCB04CF95D8548EE7BB5EB89310B10C569F925A7390D7359A50DBA8
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 0040C181
                                                                                                                                                                                                    • _CxxThrowException.MSVCRT(?,00415F74), ref: 0040C1A4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocExceptionStringThrow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3773818493-0
                                                                                                                                                                                                    • Opcode ID: fb0b8424ea3c18422dfb4546465b5c411461c7c894348be57eca799396026cd2
                                                                                                                                                                                                    • Instruction ID: 9d709aa8e1cfb26431d9c10f6fda3bd1f7118755983c1d1d8d4145ebeb66b084
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb0b8424ea3c18422dfb4546465b5c411461c7c894348be57eca799396026cd2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EE06D31100308EBDB10AFA5D8819C67BE8EF04380B00C63FF908CA251E678D580CBD8
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 613200358-0
                                                                                                                                                                                                    • Opcode ID: ec12ff30771228872eb63ce016cb1097791755a5c5cf41ef4c244471a93fb349
                                                                                                                                                                                                    • Instruction ID: 5742f67201d23beaa9f8636bee72048afea15845169d910c3e0dc09cacb252b0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec12ff30771228872eb63ce016cb1097791755a5c5cf41ef4c244471a93fb349
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E086325015149FC720AF55E814DC7B3E4EF44315315856EF48ADB660CB78FC82CB84
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 613200358-0
                                                                                                                                                                                                    • Opcode ID: 1c27705c3b037f61058fb1d756fe2918b372ac9de55fc490656670ab71805006
                                                                                                                                                                                                    • Instruction ID: cf61e5c50e516f536aafcf84c46cd44bdaace0ff2497f75a62ab573aedddf883
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c27705c3b037f61058fb1d756fe2918b372ac9de55fc490656670ab71805006
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45B0923200C224AEAA293E15FA03DC567D5EF00238321496FF085918656ED73CE05688
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040CFEA
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?), ref: 0040D009
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3168844106-0
                                                                                                                                                                                                    • Opcode ID: 9e5b06dc87699637085a0abfbb9de17ca0a3ebb0801bf684ed8affee5a97ca5d
                                                                                                                                                                                                    • Instruction ID: f5706fc576ce77f3a24d7962246a0e1372d4318d431a8e20e1a1b6a23e370181
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e5b06dc87699637085a0abfbb9de17ca0a3ebb0801bf684ed8affee5a97ca5d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83F03036600214EBCB218F95DC08E9ABBB9EF8D760F10442AFA55A7261C771E811DBA4
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                                                    • Opcode ID: b310e02a71b0e9b0f57c8ff350f317a12e9997ed6537326e98dc413991563931
                                                                                                                                                                                                    • Instruction ID: 6846990a0b7c700b0e564570ba35e58a51d6e24bd287ea03595f4ec4833d5ae3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b310e02a71b0e9b0f57c8ff350f317a12e9997ed6537326e98dc413991563931
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2521B530700209ABCB24EFA5D855BAE7774AF40308F10443EF41ABB691DB38ED09CB69
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 613200358-0
                                                                                                                                                                                                    • Opcode ID: 75b8e81de9118c2183978d3f94624743d261298bfa92fcf7a68175402f56a01a
                                                                                                                                                                                                    • Instruction ID: 7840a2ccd5a960e93a6d95847f56d5fff308d56e59930d1c0d757fa52b2cbb73
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75b8e81de9118c2183978d3f94624743d261298bfa92fcf7a68175402f56a01a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BF09072A1010CBBDB11AF59C8818AEB3ACEF81364700803BFD09AB341D679ED0587A4
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,?), ref: 004012C2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                    • Opcode ID: 99bbeda3998a939772efb656e1c99ec3b49f936e01c00e27716b5450bac36e45
                                                                                                                                                                                                    • Instruction ID: 8804b63aef8d5166b786aa1d470143da4cafa9e74bcb3062b324a687b6a94c0e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99bbeda3998a939772efb656e1c99ec3b49f936e01c00e27716b5450bac36e45
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FF05832100602EFD720ABA9D840AA7B7F5BB94311F04892EE586F26E0D738A885CB55
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0040BE4B: FindCloseChangeNotification.KERNELBASE(00418818,?,0040BF27,00000000,?,0040BF6F,00405C0F,80000000,?,?,?,0040BF91,?,00418818,00000003,00000080), ref: 0040BE56
                                                                                                                                                                                                    • CreateFileW.KERNELBASE(00418818,00000000,?,00000000,00405C0F,00000000,00000000,00000000,?,0040BF6F,00405C0F,80000000,?,?,?,0040BF91), ref: 0040BF3E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ChangeCloseCreateFileFindNotification
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 727422849-0
                                                                                                                                                                                                    • Opcode ID: 8d75af9a6c217c950491c3631b52d086b6a135f3c5a9e976b3a65ef09916f851
                                                                                                                                                                                                    • Instruction ID: 90411d92f9d8fc56c138e00aa788ce8dd8e9066487309eaec17cc9a92b37b09c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d75af9a6c217c950491c3631b52d086b6a135f3c5a9e976b3a65ef09916f851
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EE04F360002196BCF215F649C01BCA3B95AF09360F104126BB24A61E0C772D465AB9C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WriteFile.KERNELBASE(?,?,00000001,00000000,00000000,?,?,0040C67B,00000001,00418818,00418818,0041449C,?,004055C8,?,?), ref: 0040C080
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                                    • Opcode ID: f87172bd460ca3b54a79ebd290cb322ba78c3867cc27832738d70ce0c19e6544
                                                                                                                                                                                                    • Instruction ID: b8ac05db2d4a94fa31fca8da97501392d380f31373f02cc2359ce7771c6d952e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f87172bd460ca3b54a79ebd290cb322ba78c3867cc27832738d70ce0c19e6544
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BE03234640208FFCB00CFA0C800B8E3BB9AB08714F20C028F8189A2A0C3399A10EF14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _beginthreadex
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3014514943-0
                                                                                                                                                                                                    • Opcode ID: b45036c3ba1d8840ed147fa51aa3b54808154657542cc12759115a57a724e90e
                                                                                                                                                                                                    • Instruction ID: 247003c3cbeddfb2b625e3bdb8727c8b4f2641553652fddb98de5e4cb0adc6ee
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b45036c3ba1d8840ed147fa51aa3b54808154657542cc12759115a57a724e90e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AD05EF6900208BFCF01EFE0CC05CEB3BADEF08244B008464BD05C2110E672DA109BB0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                                                    • Opcode ID: 79dd5a53ceaa10d323906d6c4c09a067708a8351cba9fff8f600675c26666cc2
                                                                                                                                                                                                    • Instruction ID: 72e6a8a8c5ad423b706d1c8477e98d2bf6fe7c2d1236b40809de9acfe940e46e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79dd5a53ceaa10d323906d6c4c09a067708a8351cba9fff8f600675c26666cc2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54D05B72A00114ABD7159F85DD05BDEFB78EF81359F10816FF10151110D3BD6A41856D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 0040BFB8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                    • Opcode ID: e9757d328d643c7454ad56557c4d9905e5ed03d7027cc49797d163fdbd19fd89
                                                                                                                                                                                                    • Instruction ID: 6600978e9b0ccbf498a810640cc831596d613c388fbe18220f7993c6c269e9fc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9757d328d643c7454ad56557c4d9905e5ed03d7027cc49797d163fdbd19fd89
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFE0EC75200208FFDB01CF91CD01FDE7BBEEB49754F208068EA0596160C7759A10EB54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00418818,?,0040BF27,00000000,?,0040BF6F,00405C0F,80000000,?,?,?,0040BF91,?,00418818,00000003,00000080), ref: 0040BE56
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2591292051-0
                                                                                                                                                                                                    • Opcode ID: d75d5fc0baf4f2939d0adfdd415025799ab6c32361fdd26dbcb1c09c5b554eea
                                                                                                                                                                                                    • Instruction ID: be21f2d7e2f065a1e4cf32b2320b5ecc72b3a54c58d665c0bd3e5472e34ca940
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d75d5fc0baf4f2939d0adfdd415025799ab6c32361fdd26dbcb1c09c5b554eea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9D0123160422146CE741E3CB8445D337D89E46374321476BF5B5E32F0D3748C8346D8
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?,0040C05A,00000000,00000000,?,004012AF,?), ref: 0040C03E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileTime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1425588814-0
                                                                                                                                                                                                    • Opcode ID: c0e5e33048760219d2a04593f2bb40d099f123eabf13ff9ad38c69bb38ccd200
                                                                                                                                                                                                    • Instruction ID: ea010d3a690561246fe19a690d3fd65df6325dae63f8daef288d6a2187e6b862
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0e5e33048760219d2a04593f2bb40d099f123eabf13ff9ad38c69bb38ccd200
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEC04C3A158105FFCF020FB0CC04C1ABFA2AB99311F10C918B259C5070C7328024EB02
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memmove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2162964266-0
                                                                                                                                                                                                    • Opcode ID: 629220965c6bd2db472e7962868e1e1f545117e5f950cd86d21845d398ffb971
                                                                                                                                                                                                    • Instruction ID: a4b432defa2f872f2e946a78cf9859ae6dceab650c9b954c79c80a890c02e361
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 629220965c6bd2db472e7962868e1e1f545117e5f950cd86d21845d398ffb971
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B21E471A00B009FC720CF9AC88485BF7FAFF88724764892EE09A97A50E774BD45CB54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _CxxThrowException.MSVCRT(?,00415FFC), ref: 0040CF19
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionThrow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 432778473-0
                                                                                                                                                                                                    • Opcode ID: c55205c91926b37fafed77e2ec1812a0d6aea0a5967d0921fad9188accd9e898
                                                                                                                                                                                                    • Instruction ID: 6a5d6d8d1e5a2607387ff05ecddc3380d06d5443c211f61aaf30d4f4d0e37a27
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c55205c91926b37fafed77e2ec1812a0d6aea0a5967d0921fad9188accd9e898
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB017171501701EFDB28CF69C845A9BBBF8EF453107144A6EA482D3641D374FA46CB90
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1033339047-0
                                                                                                                                                                                                    • Opcode ID: c2dc035f5ebddeced5e20d167c4dc1d5194920ef8996fb6ff3e34a5a8de11b21
                                                                                                                                                                                                    • Instruction ID: fce6d923590850065a108969fcb8400009cd2a4f6eb86696f7b394ce47e92bce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2dc035f5ebddeced5e20d167c4dc1d5194920ef8996fb6ff3e34a5a8de11b21
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8D0A93130821016AA9872322A02EAF06888F80720B00082FFA00E62D1EDAD88A2026E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,0040CEBC,?,?,?,004096CF,?), ref: 00402781
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                    • Opcode ID: c0747d2b54f00527e28e55407353a72f8354565475e3e521c76b3ccfb0f995d3
                                                                                                                                                                                                    • Instruction ID: c8419c84987ab9f9043192ec71a1da35683a063982673f1d4b03f9dfb55d97bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0747d2b54f00527e28e55407353a72f8354565475e3e521c76b3ccfb0f995d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAC08C302483007AEE1517A08F0BF4A3662AB88B1AF40C429F384A50E0D7F58400B60D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000,0040CE64,00000000,?,0040CEB3,?,?,004096CF,?), ref: 00401D38
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                    • Opcode ID: 32a91dde98d5100741efe9c4c504ac7ef1165072957eb49c26da89f99dbc19d7
                                                                                                                                                                                                    • Instruction ID: 52e13e518f9be9114dfd9f0dcb33d46b5f51ce713fe3f05cd2c94b9e5c1fb23c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32a91dde98d5100741efe9c4c504ac7ef1165072957eb49c26da89f99dbc19d7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DB09230244300BEEF214B00DE0DB4A77A1AB90B01F20C928B198241F097B86844DA09
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000020,-00000002), ref: 00402202
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00402213
                                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402228
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0040222D
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00402248
                                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,00000000,00000004), ref: 0040225B
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00402262
                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00404955), ref: 00402277
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402287
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004022A5
                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 004022AE
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00415208), ref: 004022E2
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004022FD
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 0040232F
                                                                                                                                                                                                    • _wtol.MSVCRT(?), ref: 00402340
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00415208,00000001,00000000,00000002), ref: 00402360
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
                                                                                                                                                                                                    • String ID: 7zSfxString%d
                                                                                                                                                                                                    • API String ID: 2117570002-3906403175
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00401E00
                                                                                                                                                                                                    • FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 00401E1D
                                                                                                                                                                                                    • FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 00401E31
                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 00401E42
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00401E4C
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 00401E57
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,SetProcessPreferredUILanguages), ref: 00401E83
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00401E8C
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00401EAB
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,SetThreadPreferredUILanguages), ref: 00401EC0
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00401EC3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Load$AddressFindLibraryProc$HandleLockModuleSizeofwsprintf
                                                                                                                                                                                                    • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages$kernel32
                                                                                                                                                                                                    • API String ID: 2639302590-365843014
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wvsprintfW.USER32(?,00000000,?), ref: 00408DF6
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00408E07
                                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00406BA8), ref: 00408E2F
                                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00406BA8), ref: 00408E44
                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00408E57
                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00408E5E
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00408E73
                                                                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00408E89
                                                                                                                                                                                                    • lstrcpyW.KERNEL32(-00000002,?), ref: 00408E9A
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00408EA3
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00408EAD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 829399097-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,004145D0,?,?,?,00000000), ref: 00402F41
                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,004145CC,?,0000005C,?,?,?,00000000), ref: 00402F94
                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,004145C4,?,?,00000000), ref: 00402FAA
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,0000005C,?,?,?,00000000), ref: 00402FC0
                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000000), ref: 00402FC7
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010,?,?,00000000), ref: 00402FD9
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,00000000), ref: 00402FE8
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000000), ref: 00402FF3
                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?,?,00000000), ref: 00402FFC
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403007
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403012
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1862581289-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408662
                                                                                                                                                                                                    • SetWindowsHookExW.USER32(00000007,Function_00008589,00000000,00000000), ref: 0040866D
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0040867C
                                                                                                                                                                                                    • SetWindowsHookExW.USER32(00000002,Function_00008615,00000000,00000000), ref: 00408687
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 004086AD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentHookThreadWindows$Dialog
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1967849563-0
                                                                                                                                                                                                    • Opcode ID: a0805c3b6262eedc2856a77b882f8b22c7f0eb3195d906f6a4b2a32eeb2a9efd
                                                                                                                                                                                                    • Instruction ID: 75cd9ee5bc6f61fe2cb81be21b4fd125b80c6fdd5fd3af93018a39c96244cffa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0805c3b6262eedc2856a77b882f8b22c7f0eb3195d906f6a4b2a32eeb2a9efd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B01DBB1201218DFC2106B56EE84972F7ECE7943A6756443FEA4591160CEB79840CB68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(00406061,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,0000000A,-00000008,00406061,?,00000000,0000000A), ref: 004024B3
                                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 004024C5
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 004024CE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3429775523-0
                                                                                                                                                                                                    • Opcode ID: f95902cbba3d6f605503444b4f1013812362749f131f83053839915cbbdee454
                                                                                                                                                                                                    • Instruction ID: 2f4618e6ceb2729e5ce81d0b7ff02b8ca2855782c3c39cce86a1747ea6c70431
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f95902cbba3d6f605503444b4f1013812362749f131f83053839915cbbdee454
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF03C72944288FEDB01DBE99D85ADEBF7CAB18300F4480AAA201A3182D2705704CB29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCommandLineW.KERNEL32(?,?,?), ref: 0040508E
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405151
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405159
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405161
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405169
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405171
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405179
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405181
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405189
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405191
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405199
                                                                                                                                                                                                    • GetStartupInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004051B2
                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,01000004,00000000,00000044,?), ref: 004051D9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 004051E3
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004051EE
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004051F6
                                                                                                                                                                                                    • CreateJobObjectW.KERNEL32(00000000,00000000), ref: 0040520B
                                                                                                                                                                                                    • AssignProcessToJobObject.KERNEL32(00000000,?), ref: 00405222
                                                                                                                                                                                                    • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00405232
                                                                                                                                                                                                    • SetInformationJobObject.KERNEL32(?,00000007,?,00000008), ref: 00405253
                                                                                                                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040525C
                                                                                                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(00000000,?,?,?,000000FF,?,?,?,?,?,?,?,?,?,00000000), ref: 0040527B
                                                                                                                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405284
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,00000000), ref: 0040528B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040529A
                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 004052A3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 004052AE
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 004052BA
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004052C1
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004052CC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$CloseHandleObject$CreateProcess$CompletionErrorLastResumeThread$AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
                                                                                                                                                                                                    • String ID: " -$sfxwaitall
                                                                                                                                                                                                    • API String ID: 2734624574-3991362806
                                                                                                                                                                                                    • Opcode ID: 1651613734ca01c0ef639546651a2c1af69aadcd47dd11a8969eac25b6315bba
                                                                                                                                                                                                    • Instruction ID: 7f61a69da49000c65074572d1fe98706f6aedafc1cd57d8e6ee043ebd50c0a44
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1651613734ca01c0ef639546651a2c1af69aadcd47dd11a8969eac25b6315bba
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22615EB2800108BBDF11AFA1DD46EDF3B6CFF48314F04453AFA15F21A1EA7999548B68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wtol.MSVCRT(AW@,00000000,004187DC), ref: 004038AE
                                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000,004187E8,00000000,004187DC), ref: 00403951
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039C2
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039CA
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039D2
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039DA
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039E2
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039EA
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039F2
                                                                                                                                                                                                    • _wtol.MSVCRT(?,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?,?), ref: 00403A48
                                                                                                                                                                                                    • CoCreateInstance.OLE32(00415E24,00000000,00000001,00415DE4,AW@,.lnk,?,0000005C), ref: 00403AE9
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B81
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B89
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B91
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B99
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BA1
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BA9
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BB1
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BB7
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BBF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
                                                                                                                                                                                                    • String ID: .lnk$AW@
                                                                                                                                                                                                    • API String ID: 408529070-3304780919
                                                                                                                                                                                                    • Opcode ID: 13acbc408fa38cf7e1fa9728c313aa15981d0af7475c6c636a0f1c4c12615c03
                                                                                                                                                                                                    • Instruction ID: ac1975162933dc708b18ff6028a348059c12a5eb5a94371c916586bd2bb8d11a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13acbc408fa38cf7e1fa9728c313aa15981d0af7475c6c636a0f1c4c12615c03
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64A18F75810209ABDF14EFA1CD46DEEBB78FF54309F50442EF412B61A1DB78AA85CB18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,?,00000000), ref: 0040537A
                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004053AB
                                                                                                                                                                                                    • WriteFile.KERNEL32(00418818,?,?,00406D34,00000000,del ",:Repeat,00000000), ref: 00405460
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040546B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00418818), ref: 00405474
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(00406D34,00000000), ref: 0040548B
                                                                                                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 0040549D
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054A6
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054B2
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054B8
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054E6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$File$AttributesCloseCreateDriveExecuteHandleShellTypeWrite
                                                                                                                                                                                                    • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$del "$if exist "$open
                                                                                                                                                                                                    • API String ID: 3007203151-3467708659
                                                                                                                                                                                                    • Opcode ID: 9764de6719cad73f2f4297722ccddd7a232d0fdde84da56f987867140064e3fa
                                                                                                                                                                                                    • Instruction ID: dd19172183314f13989176bb75b485d2f6e39d8bd015fd44596edd7a76c33576
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9764de6719cad73f2f4297722ccddd7a232d0fdde84da56f987867140064e3fa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92413D71800109EADB10AF91DD86EEFBB79EF04358F10853AF511B60E1DB786E85CB68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetClassNameA.USER32(?,?,00000040), ref: 0040316C
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,STATIC), ref: 0040317F
                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040318C
                                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextLengthW.USER32(?), ref: 00403127
                                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextW.USER32(004031A0,00000000,00000001), ref: 00403144
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004031B9
                                                                                                                                                                                                    • GetParent.USER32(?), ref: 004031C7
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(riched20), ref: 004031DB
                                                                                                                                                                                                    • GetMenu.USER32(?), ref: 004031EE
                                                                                                                                                                                                    • SetThreadLocale.KERNEL32(00000419), ref: 004031FB
                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,RichEdit20W,004144C8,50000804,?,?,?,?,?,00000000,00000000,00000000), ref: 0040322B
                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 0040323C
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 00403251
                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00403255
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00403263
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000461,?,?), ref: 0040328E
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403293
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040329B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
                                                                                                                                                                                                    • String ID: RichEdit20W$STATIC$riched20${\rtf
                                                                                                                                                                                                    • API String ID: 3514532227-2281146334
                                                                                                                                                                                                    • Opcode ID: 2e173aac5f1df50d8f91cfe0fab26b53496a8c1ae9c7b6845bbf74d5360c6637
                                                                                                                                                                                                    • Instruction ID: f87ecbe388e0223389a063f86bd1e1dddf67b0c51ef4acd7a43fb054af45fbac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e173aac5f1df50d8f91cfe0fab26b53496a8c1ae9c7b6845bbf74d5360c6637
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F319F72900108BFDB01AFE5DD49EEF7BBCAF48745F144036F600F2191DA749A818B68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00408AC8), ref: 00408727
                                                                                                                                                                                                    • LoadIconW.USER32(00000000), ref: 0040872A
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000032), ref: 0040873E
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 00408743
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00408AC8), ref: 0040874C
                                                                                                                                                                                                    • LoadImageW.USER32(00000000), ref: 0040874F
                                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0040876F
                                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408778
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B2), ref: 00408794
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B2), ref: 0040879E
                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004087AA
                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087B9
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 004087C7
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 004087D5
                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004087E1
                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087F0
                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 004088D6
                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 004088F2
                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0040890A
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000065,000004B4,00000000,000004B3,00000000,000004B2,?,000004B7,?,?,?,?,?,00408AC8), ref: 0040896A
                                                                                                                                                                                                    • LoadIconW.USER32(00000000), ref: 00408971
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B1), ref: 00408990
                                                                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 00408993
                                                                                                                                                                                                      • Part of subcall function 00407B3C: GetDlgItem.USER32(?,?), ref: 00407B46
                                                                                                                                                                                                      • Part of subcall function 00407B3C: GetWindowTextLengthW.USER32(00000000), ref: 00407B4D
                                                                                                                                                                                                      • Part of subcall function 00407209: GetDlgItem.USER32(?,?), ref: 00407216
                                                                                                                                                                                                      • Part of subcall function 00407209: ShowWindow.USER32(00000000,?), ref: 0040722D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$Long$HandleLoadMessageModuleSend$IconMetricsSystem$ImageLengthShowText
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3694754696-0
                                                                                                                                                                                                    • Opcode ID: 912d7ef425d6c6494e29e3deb2b18d2c0e92bb38c953af52e25b7107b56c7ff0
                                                                                                                                                                                                    • Instruction ID: 039de319893d1fc2a2f677b1cd9d0fdeb06e220da667d6f51fbd84e31fd24c88
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 912d7ef425d6c6494e29e3deb2b18d2c0e92bb38c953af52e25b7107b56c7ff0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E710EB03047056BE6117B61DE4AF3B3A99EB80754F10443EF692762D2CFBDAC408A5E
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000000,004156B8,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404C11
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32(00000000,00000020,-00000002), ref: 00402202
                                                                                                                                                                                                      • Part of subcall function 004021B3: wsprintfW.USER32 ref: 00402213
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402228
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 0040222D
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 00402248
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000004), ref: 0040225B
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 00402262
                                                                                                                                                                                                      • Part of subcall function 004021B3: lstrcmpiW.KERNEL32(00000000,00404955), ref: 00402277
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??3@YAXPAX@Z.MSVCRT ref: 00402287
                                                                                                                                                                                                      • Part of subcall function 004021B3: SetLastError.KERNEL32(?), ref: 004022AE
                                                                                                                                                                                                      • Part of subcall function 004021B3: lstrlenA.KERNEL32(00415208), ref: 004022E2
                                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 004022FD
                                                                                                                                                                                                      • Part of subcall function 004021B3: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 0040232F
                                                                                                                                                                                                    • _wtol.MSVCRT(00000000), ref: 00404D0E
                                                                                                                                                                                                    • _wtol.MSVCRT(00000000), ref: 00404D2A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$??2@EnvironmentVariable_wtollstrcmpi$??3@InfoLocalelstrlenwsprintf
                                                                                                                                                                                                    • String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$Progress$Title$WarningTitle
                                                                                                                                                                                                    • API String ID: 2725485552-1675048025
                                                                                                                                                                                                    • Opcode ID: 4f3447e187b8d09034772c4e1f667da3943b2aa83526ce6edd17a205bd317e56
                                                                                                                                                                                                    • Instruction ID: 0029bdf793b7ca219a6cf9bf5c630004183a1ad15403dcfd881f782f334e5f10
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f3447e187b8d09034772c4e1f667da3943b2aa83526ce6edd17a205bd317e56
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 405193F1D01108BFEB107B615D8A9EF36ACDA91358724443FFA14F22C1EABD4E85866D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowDC.USER32(00000000), ref: 00401EEA
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00401EF6
                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00401F0F
                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00401F3E
                                                                                                                                                                                                    • MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F49
                                                                                                                                                                                                    • MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F53
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00401F61
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00401F68
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401F76
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00401F84
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401F8C
                                                                                                                                                                                                    • SetStretchBltMode.GDI32(00000000,00000004), ref: 00401F94
                                                                                                                                                                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00401FB3
                                                                                                                                                                                                    • GetCurrentObject.GDI32(00000000,00000007), ref: 00401FBC
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401FC9
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401FCF
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00401FD8
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00401FDB
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00401FE2
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00401FF1
                                                                                                                                                                                                    • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 00401FFE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3462224810-0
                                                                                                                                                                                                    • Opcode ID: b47bfa37766e864d5ac7c3bff5c7f29dd76547e571441b34574f095888733673
                                                                                                                                                                                                    • Instruction ID: 5d1e451046eba931a8e7b73d6ea6690a392447b5a41005267d77fd745915eb74
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b47bfa37766e864d5ac7c3bff5c7f29dd76547e571441b34574f095888733673
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A310776D40208BFDF215BE29D48EEF7FBDEB88761F108066F604A61A0C7754A50EB64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetClassNameA.USER32(?,?,00000040), ref: 0040201B
                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,STATIC), ref: 00402032
                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00402045
                                                                                                                                                                                                    • GetMenu.USER32(?), ref: 0040205A
                                                                                                                                                                                                      • Part of subcall function 00401DF5: GetModuleHandleW.KERNEL32(00000000), ref: 00401E00
                                                                                                                                                                                                      • Part of subcall function 00401DF5: FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 00401E1D
                                                                                                                                                                                                      • Part of subcall function 00401DF5: FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 00401E31
                                                                                                                                                                                                      • Part of subcall function 00401DF5: SizeofResource.KERNEL32(00000000,00000000), ref: 00401E42
                                                                                                                                                                                                      • Part of subcall function 00401DF5: LoadResource.KERNEL32(00000000,00000000), ref: 00401E4C
                                                                                                                                                                                                      • Part of subcall function 00401DF5: LockResource.KERNEL32(00000000), ref: 00401E57
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000010), ref: 0040208C
                                                                                                                                                                                                    • memcpy.MSVCRT ref: 00402099
                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 004020A2
                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 004020AE
                                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00415E04,?), ref: 004020D3
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004020E3
                                                                                                                                                                                                      • Part of subcall function 00401EDE: GetWindowDC.USER32(00000000), ref: 00401EEA
                                                                                                                                                                                                      • Part of subcall function 00401EDE: GetDeviceCaps.GDI32(00000000,00000058), ref: 00401EF6
                                                                                                                                                                                                      • Part of subcall function 00401EDE: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00401F0F
                                                                                                                                                                                                      • Part of subcall function 00401EDE: GetObjectW.GDI32(?,00000018,?), ref: 00401F3E
                                                                                                                                                                                                      • Part of subcall function 00401EDE: MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F49
                                                                                                                                                                                                      • Part of subcall function 00401EDE: MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F53
                                                                                                                                                                                                      • Part of subcall function 00401EDE: CreateCompatibleDC.GDI32(?), ref: 00401F61
                                                                                                                                                                                                      • Part of subcall function 00401EDE: CreateCompatibleDC.GDI32(?), ref: 00401F68
                                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,?), ref: 00401F76
                                                                                                                                                                                                      • Part of subcall function 00401EDE: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00401F84
                                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,00000000), ref: 00401F8C
                                                                                                                                                                                                      • Part of subcall function 00401EDE: SetStretchBltMode.GDI32(00000000,00000004), ref: 00401F94
                                                                                                                                                                                                      • Part of subcall function 00401EDE: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00401FB3
                                                                                                                                                                                                      • Part of subcall function 00401EDE: GetCurrentObject.GDI32(00000000,00000007), ref: 00401FBC
                                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,?), ref: 00401FC9
                                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,?), ref: 00401FCF
                                                                                                                                                                                                      • Part of subcall function 00401EDE: DeleteDC.GDI32(00000000), ref: 00401FD8
                                                                                                                                                                                                      • Part of subcall function 00401EDE: DeleteDC.GDI32(00000000), ref: 00401FDB
                                                                                                                                                                                                      • Part of subcall function 00401EDE: ReleaseDC.USER32(00000000,?), ref: 00401FE2
                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00402115
                                                                                                                                                                                                    • SetWindowPos.USER32(00000010,00000000,00000000,00000000,?,?,00000006), ref: 00402129
                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000172,00000000,?), ref: 0040213B
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402150
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
                                                                                                                                                                                                    • String ID: IMAGES$STATIC
                                                                                                                                                                                                    • API String ID: 4202116410-1168396491
                                                                                                                                                                                                    • Opcode ID: 75b4482697df260aab65a5a7941d5379e2b77aabc16fc078eb73c221e7c7ff8a
                                                                                                                                                                                                    • Instruction ID: 91dfa6bffb294d6a5faa91ea44976e7f2bf651e64a1983605f27e53e7953ab13
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75b4482697df260aab65a5a7941d5379e2b77aabc16fc078eb73c221e7c7ff8a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4416B71A00118FFCB119FA1DD4CDEE7F7DEF49741B0080A5F605AA2A0D7758A81DBA8
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00407209: GetDlgItem.USER32(?,?), ref: 00407216
                                                                                                                                                                                                      • Part of subcall function 00407209: ShowWindow.USER32(00000000,?), ref: 0040722D
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B8), ref: 00408B76
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00408B85
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 00408BCC
                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00408BD1
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 00408BE1
                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000), ref: 00408BE4
                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 00408C0A
                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000,0000F060,00000001), ref: 00408C1C
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B4), ref: 00408C26
                                                                                                                                                                                                    • SetFocus.USER32(00000000), ref: 00408C29
                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408C58
                                                                                                                                                                                                    • CoCreateInstance.OLE32(00415E34,00000000,00000001,00415B08,?), ref: 00408C7C
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00408C99
                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00408C9C
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00408CAC
                                                                                                                                                                                                    • EnableWindow.USER32(00000000), ref: 00408CAF
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 00408CC3
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00408CC6
                                                                                                                                                                                                      • Part of subcall function 00407A6A: GetDlgItem.USER32(?,000004B6), ref: 00407A78
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00408AC8), ref: 00408727
                                                                                                                                                                                                      • Part of subcall function 004086FE: LoadIconW.USER32(00000000), ref: 0040872A
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000032), ref: 0040873E
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000031), ref: 00408743
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00408AC8), ref: 0040874C
                                                                                                                                                                                                      • Part of subcall function 004086FE: LoadImageW.USER32(00000000), ref: 0040874F
                                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000001,?), ref: 0040876F
                                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408778
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 00408794
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 0040879E
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087AA
                                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087B9
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087C7
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087D5
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087E1
                                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087F0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Item$Window$Long$MessageSendSystem$EnableHandleLoadMenuMetricsModuleShow$CreateFocusIconImageInstanceTimer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1057135554-0
                                                                                                                                                                                                    • Opcode ID: eaf23160efd0307f89d7b68af9e71152053e371a4570ee8adff50cbc9787fa7e
                                                                                                                                                                                                    • Instruction ID: 224722099809db51628d05960710a87cde38d463417800169f27d4d88e92d86b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eaf23160efd0307f89d7b68af9e71152053e371a4570ee8adff50cbc9787fa7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98418B70604708AFEA206F66DE49F577BADEB80B04F11843DF555A62E1CF79B840CA2C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B3), ref: 0040734C
                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00407351
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B4), ref: 00407388
                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0040738D
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000010), ref: 0040740F
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000011), ref: 00407415
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 0040741C
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00407423
                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00407447
                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00407459
                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 0040746C
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000004), ref: 004074D2
                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040756C
                                                                                                                                                                                                      • Part of subcall function 004072F5: GetDlgItem.USER32(?,?), ref: 00407313
                                                                                                                                                                                                      • Part of subcall function 004072F5: SetWindowPos.USER32(00000000), ref: 0040731A
                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00407475
                                                                                                                                                                                                      • Part of subcall function 004071EC: GetDlgItem.USER32(?,?), ref: 004071F8
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 004075F1
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 004075F8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MetricsSystem$ClientItemWindow$LongRectScreen$Parent
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 747815384-0
                                                                                                                                                                                                    • Opcode ID: 35f39b259cb15be5e21bf055192cb3e2893df2de53a1a99aaff2ca9cd82b522a
                                                                                                                                                                                                    • Instruction ID: a0ad394a55fa0a1721489591c3d48553244f7f891a42e1949470b4e54b7fd047
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35f39b259cb15be5e21bf055192cb3e2893df2de53a1a99aaff2ca9cd82b522a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2A12A71E04209AFDB14CFB9CD85AEEBBF9EB48304F148529E905F3291D778E9408B65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004034B5
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004034BD
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004036E3
                                                                                                                                                                                                      • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026CC
                                                                                                                                                                                                      • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026D3
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403710
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID: 0FA$SetEnvironment${\rtf
                                                                                                                                                                                                    • API String ID: 613200358-2399711308
                                                                                                                                                                                                    • Opcode ID: 815450e4ddcb86d512666d4464849088acf7f8bc4e05b7daeeaa442e47177da6
                                                                                                                                                                                                    • Instruction ID: a9b0ba56adfd3770e1cd5829527a668cbe659d9fbc84a1bfbaef92eb180e3906
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 815450e4ddcb86d512666d4464849088acf7f8bc4e05b7daeeaa442e47177da6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A91BF71900109BBCF21EF91CC46AEEBB78AF1430AF20447BE941772E1DA795B46DB49
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00407860
                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000), ref: 00407867
                                                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 0040787D
                                                                                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 0040789A
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 004078AC
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000032), ref: 004078B3
                                                                                                                                                                                                    • GetWindowDC.USER32(?), ref: 004078C5
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004078D2
                                                                                                                                                                                                    • DrawIconEx.USER32(00000000,?,?,?,?,?,00000000,00000000,00000003), ref: 00407906
                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 0040790E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2586545124-0
                                                                                                                                                                                                    • Opcode ID: 3ece1157a758dadcf56a3a709e15e99760e1987f316051d3c357604a5bc7be5e
                                                                                                                                                                                                    • Instruction ID: 52be0402dc7b357b4bf34bc6e6a675404a41cf5866785f5d5035100a8e7da033
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ece1157a758dadcf56a3a709e15e99760e1987f316051d3c357604a5bc7be5e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B21FC7660021ABFDB019FA8ED48EDF3BADFB48351F048521FA15E2191CB74E920CB65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$wsprintf
                                                                                                                                                                                                    • String ID: :%hs$:Language:%u$;!@Install@!UTF-8!$;!@InstallEnd@!
                                                                                                                                                                                                    • API String ID: 2704270482-695273242
                                                                                                                                                                                                    • Opcode ID: cc1a3afb3d883613eeb8b3e353601ebd9c1b56f063cebdfa8a125c728cc411fe
                                                                                                                                                                                                    • Instruction ID: 1b8667397c12d336e930ce8dd478f3c0f5fcbcef1a4eca0425c6607baeb60929
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc1a3afb3d883613eeb8b3e353601ebd9c1b56f063cebdfa8a125c728cc411fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F12121B17005086BDF05EAA58D85EFE73ADAB88708F14402EB505F31C1DBBCAA458759
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$CloseExecuteHandleObjectShellSingleWaitmemset
                                                                                                                                                                                                    • String ID: $WA
                                                                                                                                                                                                    • API String ID: 2700081640-874810811
                                                                                                                                                                                                    • Opcode ID: 15d7d94921ca385940e4122565536b427648d2303b2bb8e69fba9e7ea8f78c89
                                                                                                                                                                                                    • Instruction ID: 8cdcfedd5936f543e78769933c75d32c6245f9f3c5592d88d5a60bc16fc1c1df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15d7d94921ca385940e4122565536b427648d2303b2bb8e69fba9e7ea8f78c89
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0216D71804209ABDF11EF95D845AEFBBB8EF44318F10812BFA15B61A0DB785989CF84
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B3), ref: 0040706B
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 0040707E
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B4), ref: 00407088
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 00407090
                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004070A0
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 004070A9
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F4,00000001,00000001), ref: 004070B1
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 004070BA
                                                                                                                                                                                                    • SetFocus.USER32(00000000,?,?,00000000,00407FAE,000004B3,00000000,?,000004B3), ref: 004070BD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemMessageSend$Focus
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3946207451-0
                                                                                                                                                                                                    • Opcode ID: 0fc6dd28cd98c92534448f4fcc92f52223e7101c96fd3207fd34216a5bdc41e5
                                                                                                                                                                                                    • Instruction ID: 5d9f80474de4dcc3f376415b50596b4d6f25ba69a104e928cd55d4f6a31a8c04
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fc6dd28cd98c92534448f4fcc92f52223e7101c96fd3207fd34216a5bdc41e5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46F04F712403087BEA212B61DD86F9BBA5EDF80B94F018425F350660F0CBF3AC509A28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(uxtheme,?,004089BB,000004B1,00000000,?,?,?,?,?,00408AC8), ref: 00407680
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00407691
                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 004076AA
                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 004076C0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$AddressLibraryLoadProc
                                                                                                                                                                                                    • String ID: XA$SetWindowTheme$uxtheme
                                                                                                                                                                                                    • API String ID: 324724604-3019689983
                                                                                                                                                                                                    • Opcode ID: 1868035f0e72e64a460ab4f3ad1c9a181874f3c559f2ba787c374269699430c0
                                                                                                                                                                                                    • Instruction ID: f904700b681b15efec0ce33b5b1de5db2a7474ba9eb9f73b1446f12cb5275619
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1868035f0e72e64a460ab4f3ad1c9a181874f3c559f2ba787c374269699430c0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8F02732A45F2573C231126A6C48EAB7A9CDFC5B307064536B804F7380DA6ADC4081ED
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT ref: 004076EC
                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 0040770B
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00407716
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00407722
                                                                                                                                                                                                    • MulDiv.KERNEL32(?,00000048,00000000), ref: 00407731
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0040773F
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00407767
                                                                                                                                                                                                    • DialogBoxIndirectParamW.USER32(00000000,?,?,Function_00006F0F), ref: 0040779C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystemmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2693764856-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 0040724B
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000B), ref: 00407267
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000003D), ref: 00407270
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000003E), ref: 00407278
                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00407295
                                                                                                                                                                                                    • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 004072B0
                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 004072D6
                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 004072E5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MetricsSystem$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2466489532-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _CxxThrowException.MSVCRT(x\A,00415FC8), ref: 0040CDF1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionThrow
                                                                                                                                                                                                    • String ID: $\A$4\A$D\A$T\A$h\A$x\A$x\A
                                                                                                                                                                                                    • API String ID: 432778473-4237324355
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004081E3
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B8), ref: 00408201
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 00408213
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00408231
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004082C9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@ItemMessageSendUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
                                                                                                                                                                                                    • String ID: %d%%
                                                                                                                                                                                                    • API String ID: 3753976982-1518462796
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 004083DA
                                                                                                                                                                                                    • KillTimer.USER32(?,00000001), ref: 004083EB
                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408415
                                                                                                                                                                                                    • SuspendThread.KERNEL32(0000035C), ref: 0040842E
                                                                                                                                                                                                    • ResumeThread.KERNEL32(0000035C), ref: 0040844B
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 0040846D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DialogThreadTimer$KillResumeSuspend
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4151135813-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID: %%M/$%%M\
                                                                                                                                                                                                    • API String ID: 613200358-4143866494
                                                                                                                                                                                                    • Opcode ID: 8d74330d7c47e7ec155605d8972836f8cd90317b8a684ae5ad7c9bd0a89d9626
                                                                                                                                                                                                    • Instruction ID: ae7ccff3c4984ef899f0664094611f881c6179175724c87e9ac4d6adf99dc5ad
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d74330d7c47e7ec155605d8972836f8cd90317b8a684ae5ad7c9bd0a89d9626
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF11D73190010EAACF05FFA1D956DEEBB79AF00318F50456AB521760E1DBB86699CB88
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID: %%T/$%%T\
                                                                                                                                                                                                    • API String ID: 613200358-2679640699
                                                                                                                                                                                                    • Opcode ID: 00b623cf612c74aa8f2fb87727e921c33523463c9af7ccc1e427d662d593664c
                                                                                                                                                                                                    • Instruction ID: 1540654d000bee33f0bf236bf2786ca3bc36bf969bc56e1bcbd04563868c3890
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00b623cf612c74aa8f2fb87727e921c33523463c9af7ccc1e427d662d593664c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F11073190010EAACF05FFA1D946CEEBB39AF00318F10452AB511724E1DBB86699CB98
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                                    • String ID: %%S/$%%S\
                                                                                                                                                                                                    • API String ID: 613200358-358529586
                                                                                                                                                                                                    • Opcode ID: 0d325b822506a746de723ed7a2266f3842419fb082db078651a1263f39a8f9fc
                                                                                                                                                                                                    • Instruction ID: 46769830cf2248f7da0d90b8b5e5a17041a4a2d7ad556ba568fe6d8d869660d1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d325b822506a746de723ed7a2266f3842419fb082db078651a1263f39a8f9fc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F11E93190010EBACF05FFA1DD56DEEBB79AF0031CF50456AB521720E1DBB86699CB88
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405572
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004055D4
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004055EC
                                                                                                                                                                                                      • Part of subcall function 0040371D: lstrlenW.KERNEL32(004017FB,00000000,?,?,?,?,?,?,004017FB,?), ref: 0040372A
                                                                                                                                                                                                      • Part of subcall function 0040371D: GetSystemTimeAsFileTime.KERNEL32(?,004017FB,?,?,?,?,004017FB,?), ref: 004037A0
                                                                                                                                                                                                      • Part of subcall function 0040371D: GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 004037A7
                                                                                                                                                                                                      • Part of subcall function 0040371D: ??3@YAXPAX@Z.MSVCRT ref: 00403866
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$FileTime$AttributesSystemlstrlen
                                                                                                                                                                                                    • String ID: ;!@Install@!UTF-8!$;!@InstallEnd@!
                                                                                                                                                                                                    • API String ID: 4038993085-372238525
                                                                                                                                                                                                    • Opcode ID: 2a85efb9fc4df3f664930e950edea05c435a2d0503b340e68b98611daed76cd9
                                                                                                                                                                                                    • Instruction ID: e37cdd1bb20b18eb0c9aa4d9d77910c01642be129359a522859184d78abb527a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a85efb9fc4df3f664930e950edea05c435a2d0503b340e68b98611daed76cd9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131377580021EAACF05EF92CD819EEBB75FF54318F10042BE811B22E1DB795A45DB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf$ExitProcesslstrcat
                                                                                                                                                                                                    • String ID: 0x%p
                                                                                                                                                                                                    • API String ID: 2530384128-1745605757
                                                                                                                                                                                                    • Opcode ID: efaa74bb8e783b89e2550c26a3ba915e44d67ba2621a20dac2b5c57b7e42c894
                                                                                                                                                                                                    • Instruction ID: 1314f2abe56a8853062125fdc791d10c761366de72a6b198a385f2dfa53c0856
                                                                                                                                                                                                    • Opcode Fuzzy Hash: efaa74bb8e783b89e2550c26a3ba915e44d67ba2621a20dac2b5c57b7e42c894
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E1142B1800208AFDB20EFA4DE859DA77B8BF44304F10447BE645E3591DB74AA948F69
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00407DE5
                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00407DFE
                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 00407E1A
                                                                                                                                                                                                    • SHGetMalloc.SHELL32(00000000), ref: 00407E44
                                                                                                                                                                                                      • Part of subcall function 00407BBF: GetDlgItem.USER32(?,000004B6), ref: 00407BCC
                                                                                                                                                                                                      • Part of subcall function 00407BBF: SetFocus.USER32(00000000,?,?,00407CB3,000004B6,?), ref: 00407BD3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: BrowseFocusFolderFromItemListMallocPathmemset
                                                                                                                                                                                                    • String ID: A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000001,00000000,?,?,?), ref: 00402BCE
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402BD7
                                                                                                                                                                                                      • Part of subcall function 0040119E: ??2@YAPAXI@Z.MSVCRT ref: 004011BE
                                                                                                                                                                                                      • Part of subcall function 0040119E: ??3@YAXPAX@Z.MSVCRT ref: 004011E4
                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(SetEnvironment,00000000,00000001,00000001,SetEnvironment), ref: 00402BEF
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402C0F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$EnvironmentExpandStrings$??2@
                                                                                                                                                                                                    • String ID: SetEnvironment
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenW.KERNEL32(004183B0,00000020,-00000002,-00000004,0040601F,-00000002,?,?,00000000,0000000A), ref: 00404690
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404742
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040474A
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404759
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404761
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$lstrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00407A9A: GetSystemMetrics.USER32(0000000B), ref: 00407AC2
                                                                                                                                                                                                      • Part of subcall function 00407A9A: GetSystemMetrics.USER32(0000000C), ref: 00407ACB
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 004080C7
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 004080D8
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040819F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MetricsSystem$??3@
                                                                                                                                                                                                    • String ID: 100%%
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00407CB6: GetSystemMetrics.USER32(00000010), ref: 00407CF8
                                                                                                                                                                                                      • Part of subcall function 00407CB6: GetSystemMetrics.USER32(00000011), ref: 00407D06
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00404F48
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404F85
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MetricsSystem$??3@wsprintf
                                                                                                                                                                                                    • String ID: %X - %03X - %03X - %03X - %03X$xSA
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenW.KERNEL32(|g@,00000000,?,00000000,0040428E,00000000,00000000,0040677C,?,waitall,00000000,00000000,?,?,004187D0), ref: 00404254
                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,004187D0), ref: 0040425D
                                                                                                                                                                                                    • _wcsnicmp.MSVCRT ref: 00404269
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrlen$_wcsnicmp
                                                                                                                                                                                                    • String ID: |g@
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,00406ACC,00000000,?,?), ref: 004023F4
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 004023FB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32
                                                                                                                                                                                                    • API String ID: 2574300362-3900151262
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,0040246B,?,00406A06,?,00000000,?,?), ref: 00402426
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0040242D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32
                                                                                                                                                                                                    • API String ID: 2574300362-736604160
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402F08
                                                                                                                                                                                                      • Part of subcall function 00402B04: MultiByteToWideChar.KERNEL32(00000020,00000000,00000024,?,00000000,?,?,00000020,00000024,00000000,00402E66,?,?,00000000,00000000,00000000), ref: 00402B36
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402E75
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402E90
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402E98
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@$ByteCharMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1731127917-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000001,00000000,00000002,00000000,00406D34,00000000,?,?,00405397,?,7ZSfx%03x.cmd), ref: 00404594
                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000001,00000000,00000001,?,?,00405397,?,7ZSfx%03x.cmd), ref: 004045B1
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004045E7
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00404602
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: PathTemp$AttributesFilewsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1746483863-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@??3@ExceptionThrowmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3462485524-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 004071EC: GetDlgItem.USER32(?,?), ref: 004071F8
                                                                                                                                                                                                      • Part of subcall function 00407209: GetDlgItem.USER32(?,?), ref: 00407216
                                                                                                                                                                                                      • Part of subcall function 00407209: ShowWindow.USER32(00000000,?), ref: 0040722D
                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00408A77
                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000103), ref: 00408A97
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B7), ref: 00408AAA
                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000FC,Function_00007852), ref: 00408AB8
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00408AC8), ref: 00408727
                                                                                                                                                                                                      • Part of subcall function 004086FE: LoadIconW.USER32(00000000), ref: 0040872A
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000032), ref: 0040873E
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000031), ref: 00408743
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00408AC8), ref: 0040874C
                                                                                                                                                                                                      • Part of subcall function 004086FE: LoadImageW.USER32(00000000), ref: 0040874F
                                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000001,?), ref: 0040876F
                                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408778
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 00408794
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 0040879E
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087AA
                                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087B9
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087C7
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087D5
                                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087E1
                                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087F0
                                                                                                                                                                                                      • Part of subcall function 00407BBF: GetDlgItem.USER32(?,000004B6), ref: 00407BCC
                                                                                                                                                                                                      • Part of subcall function 00407BBF: SetFocus.USER32(00000000,?,?,00407CB3,000004B6,?), ref: 00407BD3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Item$Window$Long$System$HandleLoadMessageMetricsModuleSend$DirectoryFileFocusIconImageInfoShow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3043669009-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 004070F1
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 00407117
                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00407126
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00407155
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1900162674-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004085C3
                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004085D5
                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 004085E4
                                                                                                                                                                                                      • Part of subcall function 00407FEB: KillTimer.USER32(?,00000001,?,004085F9), ref: 00407FF9
                                                                                                                                                                                                    • CallNextHookEx.USER32(?,?,?), ref: 00408606
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClientRect$CallHookKillNextScreenTimer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3015594791-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextLengthW.USER32(?), ref: 00403127
                                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextW.USER32(004031A0,00000000,00000001), ref: 00403144
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404194
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040419C
                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004041A9
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004041B4
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@TextWindow$Length
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2308334395-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 00407960
                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00407976
                                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 0040798A
                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 00407996
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFontIndirectItemMessageObjectSend
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2001801573-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00401DBE
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00401DD7
                                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00401DE5
                                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00401DEC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClientScreen$ParentRectWindow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2099118873-0
                                                                                                                                                                                                    • Opcode ID: 9ac7bb66e59a287b07c9635548890c60333ad6437c4a5ad200794121c1393770
                                                                                                                                                                                                    • Instruction ID: f8f94db76321b844ec6104e6d5447e13ac28992312c2680a702f521ad6fa1c41
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ac7bb66e59a287b07c9635548890c60333ad6437c4a5ad200794121c1393770
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAE086722042166BD7105BE5FC88C8B7FBDEFC5766700447AF94592130C7309C10DA71
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00410B43: ??2@YAPAXI@Z.MSVCRT ref: 00410B48
                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0041130A
                                                                                                                                                                                                      • Part of subcall function 0040D5B6: ??2@YAPAXI@Z.MSVCRT ref: 0040D5C9
                                                                                                                                                                                                      • Part of subcall function 0040D5B6: memmove.MSVCRT ref: 0040D5E3
                                                                                                                                                                                                      • Part of subcall function 0040D5B6: ??3@YAXPAX@Z.MSVCRT ref: 0040D5F3
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00411342
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@$??3@$memmove
                                                                                                                                                                                                    • String ID: t]A
                                                                                                                                                                                                    • API String ID: 4294387087-2725727105
                                                                                                                                                                                                    • Opcode ID: f31868b8816ab1d5768a5aa1898c6c2ac220f134d47644713b6d5cf43657dd11
                                                                                                                                                                                                    • Instruction ID: 81c2ab0cc22745a9f4371f108cdfb949ce4a1963edcd174408460c6a5bfcd2f6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f31868b8816ab1d5768a5aa1898c6c2ac220f134d47644713b6d5cf43657dd11
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEB1D2B1900218DFCB14DF9AC8909DDBBB4BF58348F50813EF919A7261DB38A989CF54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??3@wsprintf
                                                                                                                                                                                                    • String ID: (%d%s)
                                                                                                                                                                                                    • API String ID: 3815514257-2087557067
                                                                                                                                                                                                    • Opcode ID: d0161d1fbd31c55a70403007823b4b5f32969b85c509a12034915785b45328b1
                                                                                                                                                                                                    • Instruction ID: 8a36046f79fd413c4cbdc181e856807dfed79737d16026c8b1b8b17132c7f2e7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0161d1fbd31c55a70403007823b4b5f32969b85c509a12034915785b45328b1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5F09671800218AFCF11BB55DD46EDEB7B8AF00308F1045BBB512B14E2DAB5A6548A58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,Could not allocate memory,7-Zip SFX,00000010), ref: 004044BA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2546432228.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546415924.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546451744.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546468385.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    • Associated: 0000000B.00000002.2546484548.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                    • String ID: 7-Zip SFX$Could not allocate memory
                                                                                                                                                                                                    • API String ID: 2030045667-3806377612
                                                                                                                                                                                                    • Opcode ID: 330f658d4037a0d44fb23f8f268cc4495736feb570957682d21f2dac55989a64
                                                                                                                                                                                                    • Instruction ID: 752229e11c10a15970a66ffa1679a9ec66b8eca087eb26f5146150477e14d876
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 330f658d4037a0d44fb23f8f268cc4495736feb570957682d21f2dac55989a64
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB011B03C0B0CBAE20003A08C0BFC020A00BC8F83F220822BA28EE0C0EAC800E0A00C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:4.2%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:2.9%
                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                    Total number of Limit Nodes:9
868326 71091->71093 71092->71093 71336 8c0607 5 API calls _strlen 71093->71336 71094->71084 71097 97955d __Init_thread_footer 5 API calls 71094->71097 71096 868602 _strlen 71099 868649 71096->71099 71100 9794e7 __Init_thread_header 6 API calls 71096->71100 71097->71084 71098 86833c 71337 8bac9c 8 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71098->71337 71343 893850 23 API calls 2 library calls 71099->71343 71103 868be0 71100->71103 71103->71099 71105 97955d __Init_thread_footer 5 API calls 71103->71105 71104 868357 _strlen 71104->71029 71347 9794e7 EnterCriticalSection 71104->71347 71105->71099 71106 868659 71344 8a3040 180 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71106->71344 71108 8686b7 71111 9794e7 __Init_thread_header 6 API calls 71108->71111 71117 8686df __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 71108->71117 71122 868702 71108->71122 71109 868759 GetCurrentProcess 71346 8a8b40 6 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71109->71346 71110 9794e7 __Init_thread_header 6 API calls 71113 868c20 71110->71113 71118 868d26 71111->71118 71113->71109 71115 868c30 71113->71115 71114 868765 71116 843696 121 API calls 71114->71116 71120 97955d __Init_thread_footer 5 API calls 71115->71120 71123 86878e 71116->71123 71345 893cc0 23 API calls 3 library calls 71117->71345 71118->71117 71121 97955d __Init_thread_footer 5 API calls 71118->71121 71124 868c4e 71120->71124 71121->71117 71122->71109 71122->71110 71125 865d30 3 API calls 71123->71125 71124->71109 71126 8687db _strlen 71125->71126 71128 86882b 71126->71128 71129 9794e7 __Init_thread_header 6 API calls 71126->71129 71127 865d30 3 API calls 71132 868866 _strlen 71127->71132 71128->71127 71130 868c60 71129->71130 71130->71128 71131 97955d __Init_thread_footer 5 API calls 71130->71131 71131->71128 71133 868920 71132->71133 71134 86889a 71132->71134 71135 865d30 3 API calls 71133->71135 71136 9794e7 __Init_thread_header 6 API calls 
71134->71136 71137 8688bb 71134->71137 71142 86893a _strlen 71135->71142 71138 868ca3 71136->71138 71139 9794e7 __Init_thread_header 6 API calls 71137->71139 71146 8688fd _strlen 71137->71146 71138->71137 71140 97955d __Init_thread_footer 5 API calls 71138->71140 71141 868ce6 71139->71141 71140->71137 71143 97955d __Init_thread_footer 5 API calls 71141->71143 71141->71146 71144 9794e7 __Init_thread_header 6 API calls 71142->71144 71142->71146 71143->71146 71145 868d66 71144->71145 71145->71146 71147 97955d __Init_thread_footer 5 API calls 71145->71147 71146->71009 71147->71146 71151 99372f CallCatchBlock 71149->71151 71150 993809 71172 997ce1 EnterCriticalSection 71150->71172 71151->71150 71156 993774 71151->71156 71165 993783 __fread_nolock _unexpected 71151->71165 71154 99381d 71155 993834 SetConsoleCtrlHandler 71154->71155 71161 993845 _unexpected 71154->71161 71157 99384e 71155->71157 71155->71161 71156->71165 71167 996fb1 11 API calls 2 library calls 71156->71167 71173 98a805 11 API calls __dosmaperr 71157->71173 71160 993853 GetLastError 71160->71161 71174 9938c0 LeaveCriticalSection _unexpected 71161->71174 71162 99378e 71162->71165 71168 8a8c30 71162->71168 71166 845a53 71165->71166 71175 993b3f 11 API calls __dosmaperr 71165->71175 71166->71007 71167->71162 71169 8a8c40 71168->71169 71170 8a8c65 71169->71170 71176 8dfa70 EnterCriticalSection LeaveCriticalSection ___std_exception_copy 71169->71176 71170->71165 71172->71154 71173->71160 71174->71165 71175->71166 71176->71169 71178 868da6 71177->71178 71181 868158 71178->71181 71357 88b640 7 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71178->71357 71180 868dbf 71180->71181 71182 9793de 3 API calls 71180->71182 71185 869030 71181->71185 71183 868dcd 71182->71183 71358 88b700 10 API calls 71183->71358 71186 869057 71185->71186 71359 86724c 71186->71359 71189 86906f 71191 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71189->71191 71192 868160 71191->71192 
71192->71104 71193 865d30 71192->71193 71813 8873d0 71193->71813 71816 898590 71196->71816 71200 880c54 _strlen 71199->71200 71887 880632 71200->71887 71202 86825d 71203 88060c 71202->71203 71204 880616 71203->71204 71205 868269 71203->71205 71206 880632 23 API calls 71204->71206 71205->71055 71206->71205 71208 865dbc 71207->71208 71212 865de9 71208->71212 71892 88130a 23 API calls _strlen 71208->71892 71210 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71211 865e65 71210->71211 71211->71067 71212->71210 71214 8651c2 71213->71214 71215 8651d8 __fread_nolock 71213->71215 71216 8651d3 71214->71216 71217 86522f 71214->71217 71215->71078 71216->71215 71219 9793de 3 API calls 71216->71219 71893 880494 23 API calls 71217->71893 71219->71215 71894 8bff91 71220->71894 71222 8c01bf 71223 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71222->71223 71224 8c01d3 71223->71224 71224->71082 71226 8c032d 71225->71226 71227 9793de 3 API calls 71226->71227 71228 8c033a __fread_nolock 71227->71228 71228->71088 71229->71017 71231 8436b2 _strlen 71230->71231 71232 843713 71231->71232 71233 8436ba 71231->71233 72903 880494 23 API calls 71232->72903 71236 9793de 3 API calls 71233->71236 71238 8436bf __fread_nolock 71233->71238 71236->71238 71238->71022 71325 880ab2 _strlen 71324->71325 71326 880920 23 API calls 71325->71326 71327 880abe 71326->71327 71327->71025 71329 88863a 71328->71329 71330 887cd0 35 API calls 71329->71330 71331 888648 71330->71331 71332 8680d2 71331->71332 72904 881bbc 71331->72904 71335 889d80 35 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71332->71335 71334->71015 71335->71015 71336->71098 71337->71104 71338->71037 71339->71065 71340->71079 71341->71083 71342->71096 71343->71106 71344->71108 71345->71122 71346->71114 71349 9794fb 71347->71349 71350 979500 LeaveCriticalSection 71349->71350 72908 9795a7 SleepConditionVariableCS LeaveCriticalSection WaitForSingleObjectEx 
EnterCriticalSection 71349->72908 71350->71034 71353 9795f5 71352->71353 71354 979611 SetEvent ResetEvent 71353->71354 71355 979600 WakeAllConditionVariable 71353->71355 71354->71029 71355->71029 71357->71180 71358->71181 71360 865d30 3 API calls 71359->71360 71361 867277 _strlen 71360->71361 71363 867300 71361->71363 71410 88a1d0 35 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71361->71410 71383 867387 71363->71383 71364 8672c8 71411 867201 71364->71411 71370 8672d7 71370->71363 71372 8672ed 71370->71372 71371 887db0 23 API calls 71376 8672f5 71371->71376 71419 887db0 71372->71419 71375 867345 71375->71371 71375->71376 71377 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71376->71377 71378 86737d 71377->71378 71378->71189 71379 881510 71378->71379 71380 88151a 71379->71380 71381 88152e 71379->71381 71808 881536 71380->71808 71381->71189 71384 86740c 71383->71384 71386 8673bb 71383->71386 71385 9794e7 __Init_thread_header 6 API calls 71384->71385 71391 867416 71385->71391 71387 888b80 35 API calls 71386->71387 71389 8673e4 71386->71389 71387->71389 71388 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71390 86732b 71388->71390 71389->71388 71390->71376 71401 8a24e0 71390->71401 71391->71386 71423 867170 71391->71423 71396 86744e 71437 9799dd EnterCriticalSection LeaveCriticalSection 71396->71437 71397 867201 208 API calls 71397->71396 71399 867493 71400 97955d __Init_thread_footer 5 API calls 71399->71400 71400->71386 71402 8a2537 71401->71402 71664 89a440 71402->71664 71408 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71409 867338 71408->71409 71409->71375 71422 88a700 198 API calls 71409->71422 71410->71364 71412 867212 71411->71412 71413 86723a 71412->71413 71414 8a24e0 180 API calls 71412->71414 71413->71370 71415 86721f 71414->71415 71416 86722c 71415->71416 71806 88a700 198 API calls 71415->71806 71416->71413 71807 8a1500 188 API calls 2 library 
calls 71416->71807 71420 881510 23 API calls 71419->71420 71421 887dbe 71420->71421 71421->71376 71422->71375 71424 8671a1 _strlen 71423->71424 71438 8848b0 71424->71438 71427 867201 208 API calls 71428 8671bd 71427->71428 71429 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71428->71429 71430 8671f7 71429->71430 71430->71396 71431 8674d0 71430->71431 71432 8674e1 71431->71432 71433 8674e6 71431->71433 71480 845a70 71432->71480 71492 8475b0 71433->71492 71435 867461 71435->71396 71435->71397 71437->71399 71439 8848dc 71438->71439 71440 8813a0 23 API calls 71439->71440 71441 8848f1 71439->71441 71440->71441 71446 887cd0 71441->71446 71443 884931 71444 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71443->71444 71445 8671b4 71444->71445 71445->71427 71447 887cdf 71446->71447 71454 887d04 __fread_nolock 71446->71454 71448 887d81 71447->71448 71449 887cff 71447->71449 71460 880494 23 API calls 71448->71460 71451 887d88 71449->71451 71452 887d29 71449->71452 71449->71454 71461 98d9b4 71451->71461 71456 9793de 3 API calls 71452->71456 71453 887d78 71453->71443 71454->71453 71459 881dd6 23 API calls CatchIt 71454->71459 71456->71454 71459->71453 71472 9936fc 71461->71472 71464 98d9c4 71465 98d9ce IsProcessorFeaturePresent 71464->71465 71466 98d9ed 71464->71466 71468 98d9da 71465->71468 71475 987ba9 71466->71475 71479 98be76 8 API calls 3 library calls 71468->71479 71473 993c1a _unexpected EnterCriticalSection LeaveCriticalSection 71472->71473 71474 98d9b9 71473->71474 71474->71464 71478 9938e2 34 API calls 4 library calls 71474->71478 71476 987cba _unexpected 16 API calls 71475->71476 71477 887d8d 71476->71477 71478->71464 71479->71466 71481 845ab3 71480->71481 71482 845a9e 71480->71482 71484 9794e7 __Init_thread_header 6 API calls 71481->71484 71483 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71482->71483 71485 845aa8 71483->71485 71486 845abd 71484->71486 71485->71433 
71486->71482 71487 9793de 3 API calls 71486->71487 71488 845ad0 71487->71488 71510 845b20 71488->71510 71490 97955d __Init_thread_footer 5 API calls 71490->71482 71491 845aed 71491->71490 71573 846470 71492->71573 71494 8475c1 71495 847675 71494->71495 71496 8475ed 71494->71496 71620 880494 23 API calls 71495->71620 71498 84767c 71496->71498 71499 84760a 71496->71499 71502 8475f7 __fread_nolock 71496->71502 71500 98d9b4 _unexpected 34 API calls 71498->71500 71501 9793de 3 API calls 71499->71501 71505 847681 71500->71505 71501->71502 71503 847669 71502->71503 71619 881878 23 API calls __fread_nolock 71502->71619 71503->71435 71509 8476da 71505->71509 71585 85fbfa 71505->71585 71506 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71508 847714 71506->71508 71508->71435 71509->71506 71515 845d00 71510->71515 71513 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71514 845b53 71513->71514 71514->71491 71516 845d39 71515->71516 71517 890ee0 194 API calls 71516->71517 71519 845d6b 71517->71519 71519->71519 71521 888b80 35 API calls 71519->71521 71534 845dc2 71519->71534 71522 845db5 71521->71522 71535 8a2320 71522->71535 71523 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71525 845b49 71523->71525 71525->71513 71527 888610 35 API calls 71528 845dd2 71527->71528 71529 888b80 35 API calls 71528->71529 71530 845e06 71529->71530 71531 8a2320 180 API calls 71530->71531 71532 845e0c 71531->71532 71533 888610 35 API calls 71532->71533 71532->71534 71533->71534 71544 845e80 71534->71544 71536 8a2377 71535->71536 71537 89a440 177 API calls 71536->71537 71538 8a2388 GetFileAttributesW 71537->71538 71540 89a4b0 169 API calls 71538->71540 71541 8a23a4 71540->71541 71542 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71541->71542 71543 845dbb 71542->71543 71543->71527 71543->71534 71545 9793de RaiseException EnterCriticalSection LeaveCriticalSection 71544->71545 71546 
845e9c 71545->71546 71572 851ea0 207 API calls 71546->71572 71547 845ec4 71548 846280 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 71547->71548 71549 845ecb 71548->71549 71550 8b11b0 121 API calls 71549->71550 71551 845ed4 71550->71551 71552 899420 35 API calls 71551->71552 71553 845ef0 _strlen 71552->71553 71554 899420 35 API calls 71553->71554 71555 845f16 71554->71555 71556 881a38 23 API calls 71555->71556 71557 845f25 71556->71557 71558 881878 23 API calls 71557->71558 71559 845f67 _strlen 71558->71559 71560 899420 35 API calls 71559->71560 71561 84608a 71560->71561 71563 8b11b0 121 API calls 71561->71563 71571 84616a 71561->71571 71562 881a38 23 API calls 71564 846193 71562->71564 71565 846100 71563->71565 71566 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71564->71566 71568 899420 35 API calls 71565->71568 71567 845e4f 71566->71567 71567->71523 71569 84611c 71568->71569 71570 881878 23 API calls 71569->71570 71570->71571 71571->71562 71572->71547 71574 846497 71573->71574 71584 84657c 71573->71584 71577 888b80 35 API calls 71574->71577 71575 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71576 84661f 71575->71576 71576->71494 71578 8464f7 71577->71578 71621 88a590 71578->71621 71580 846526 71580->71584 71631 852ea0 121 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71580->71631 71582 846559 71582->71584 71632 85238c 23 API calls 71582->71632 71584->71575 71586 85fc28 71585->71586 71588 85fc3c 71585->71588 71587 888b80 35 API calls 71586->71587 71587->71588 71589 85fc5b 71588->71589 71590 85fc8a 71588->71590 71591 888b80 35 API calls 71589->71591 71592 85fcb5 71590->71592 71593 85fc92 71590->71593 71594 85fc6c 71591->71594 71595 890ee0 194 API calls 71592->71595 71660 899420 35 API calls _unexpected 71593->71660 71599 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71594->71599 
71597 85fcd0 71595->71597 71601 843696 121 API calls 71597->71601 71610 85fdf3 71597->71610 71598 85fe38 _strlen 71661 899420 35 API calls _unexpected 71598->71661 71600 85fc80 71599->71600 71600->71509 71603 85fcf3 _strlen 71601->71603 71655 897bc0 23 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71603->71655 71606 85ff80 71608 85febc 71606->71608 71663 881ea8 23 API calls CatchIt 71606->71663 71607 85fd1f _strlen 71656 897bc0 23 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71607->71656 71608->71594 71609 887cd0 35 API calls 71608->71609 71609->71594 71610->71608 71662 85f8e0 24 API calls 2 library calls 71610->71662 71613 85fd4a 71657 85f9f0 121 API calls 71613->71657 71615 85fd5a 71658 897bc0 23 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71615->71658 71617 85fd7d 71659 889d80 35 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71617->71659 71619->71503 71622 88a5a0 71621->71622 71633 889e40 71622->71633 71628 88a5e3 71654 991850 71 API calls 4 library calls 71628->71654 71630 88a5ee 71630->71580 71631->71582 71632->71584 71637 889e5f 71633->71637 71634 887fc0 35 API calls 71638 889e8a 71634->71638 71635 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71636 88a0f7 71635->71636 71636->71630 71639 8a3180 71636->71639 71637->71634 71637->71638 71638->71635 71640 8a31d6 71639->71640 71641 89a440 177 API calls 71640->71641 71643 8a31e5 _strlen 71641->71643 71642 898e60 23 API calls 71644 8a3215 71642->71644 71643->71642 71645 881cfa 23 API calls 71644->71645 71646 8a3244 71645->71646 71647 9903cc 92 API calls 71646->71647 71648 8a325f 71647->71648 71649 89a4b0 169 API calls 71648->71649 71650 8a327f 71649->71650 71651 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71650->71651 71652 88a5d1 71651->71652 71652->71630 71653 88a330 189 API calls 3 library calls 71652->71653 71653->71628 71654->71630 71655->71607 71656->71613 
71657->71615 71658->71617 71659->71610 71660->71598 71661->71610 71662->71606 71663->71608 71679 8dbd10 71664->71679 71667 89a473 71668 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71667->71668 71670 89a47e GetFileAttributesW 71668->71670 71671 89a4b0 71670->71671 71672 89a4e8 71671->71672 71673 89a4d0 71671->71673 71782 89a5b0 162 API calls 2 library calls 71672->71782 71761 8dc080 71673->71761 71677 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71678 89a4e2 71677->71678 71678->71408 71680 8dbd35 71679->71680 71683 8dbd7c 71679->71683 71734 88b640 7 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71680->71734 71682 8dbd3f 71682->71683 71735 89b630 28 API calls 71682->71735 71690 8dbde8 71683->71690 71737 88b640 7 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71683->71737 71686 8dbd66 71736 88b700 10 API calls 71686->71736 71687 8dbdab 71687->71690 71738 89b630 28 API calls 71687->71738 71717 8c88c0 71690->71717 71691 8dbdd2 71739 88b700 10 API calls 71691->71739 71695 8dbeba 71722 89b5f0 TlsGetValue 71695->71722 71698 8dbe78 71698->71695 71741 89b630 28 API calls 71698->71741 71702 8dbed2 71704 8dbedb 71702->71704 71743 912ce0 11 API calls 2 library calls 71702->71743 71703 8dbea4 71742 88b700 10 API calls 71703->71742 71707 8dbf1e 71704->71707 71709 8dbeeb 71704->71709 71713 8dbf13 71704->71713 71707->71713 71745 8dbfe0 35 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71707->71745 71709->71713 71744 8dbb10 11 API calls 2 library calls 71709->71744 71711 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71712 89a46a 71711->71712 71712->71667 71716 89a770 162 API calls 3 library calls 71712->71716 71715 8dbf83 71713->71715 71746 8c7de0 123 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71713->71746 71715->71711 71716->71667 71747 8c7be0 71717->71747 71720 9794aa 
__ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71721 8c8912 71720->71721 71721->71695 71740 88b640 7 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71721->71740 71723 89b60b 71722->71723 71724 89b614 71722->71724 71723->71724 71757 89b3c0 25 API calls 4 library calls 71723->71757 71726 923fd0 71724->71726 71727 923fdf 71726->71727 71729 92402b 71726->71729 71758 88b640 7 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71727->71758 71729->71702 71730 923fe9 71730->71729 71759 89b630 28 API calls 71730->71759 71732 924015 71760 88b700 10 API calls 71732->71760 71734->71682 71735->71686 71736->71683 71737->71687 71738->71691 71739->71690 71740->71698 71741->71703 71742->71695 71743->71704 71745->71713 71746->71715 71748 8c7c03 71747->71748 71754 8c7c27 71747->71754 71755 89b250 TlsGetValue 71748->71755 71750 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71751 8c7cd6 71750->71751 71751->71720 71752 8c7c08 71752->71754 71756 8c7eb0 138 API calls 71752->71756 71754->71750 71755->71752 71756->71754 71757->71724 71758->71730 71759->71732 71760->71729 71783 8c66b0 71761->71783 71763 8dc0af 71764 8dc106 71763->71764 71797 88b640 7 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71763->71797 71766 89b5f0 26 API calls 71764->71766 71768 8dc11b 71766->71768 71767 8dc0c4 71767->71764 71798 89b630 28 API calls 71767->71798 71788 8c66e0 SetLastError 71768->71788 71771 8dc0f0 71799 88b700 10 API calls 71771->71799 71775 8dc135 71781 8dc174 71775->71781 71800 8db750 35 API calls 2 library calls 71775->71800 71776 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71777 89a4d7 71776->71777 71777->71677 71779 8dc160 71779->71781 71801 8dbb10 11 API calls 2 library calls 71779->71801 71791 8c7cf0 71781->71791 71782->71673 71802 98a7f2 71783->71802 71786 98a7f2 __dosmaperr 11 API calls 71787 8c66c4 GetLastError SetLastError 71786->71787 
71787->71763 71789 98a7f2 __dosmaperr 11 API calls 71788->71789 71790 8c66f6 71789->71790 71790->71775 71792 8c7d05 71791->71792 71793 8c7d96 71791->71793 71792->71793 71794 8c7d1e TryAcquireSRWLockExclusive 71792->71794 71793->71776 71796 8c7d36 71794->71796 71795 8c7d8d ReleaseSRWLockExclusive 71795->71793 71796->71795 71797->71767 71798->71771 71799->71764 71800->71779 71805 996fb1 11 API calls 2 library calls 71802->71805 71804 8c66bb 71804->71786 71805->71804 71806->71416 71807->71413 71809 88154c 71808->71809 71811 881579 CatchIt 71809->71811 71812 88190e 23 API calls __fread_nolock 71809->71812 71811->71381 71812->71811 71814 9793de 3 API calls 71813->71814 71815 865d3c 71814->71815 71815->71038 71821 8985f0 71816->71821 71819 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71820 8985d9 71819->71820 71820->71048 71822 898626 __fread_nolock 71821->71822 71823 8c66b0 13 API calls 71822->71823 71824 898654 71823->71824 71842 97eea9 71824->71842 71826 8986b8 71846 880920 71826->71846 71827 89867a 71833 8986a0 71827->71833 71845 97ee85 46 API calls 71827->71845 71829 8986bf 71832 8c66e0 12 API calls 71829->71832 71830 9793de 3 API calls 71839 8986d0 __fread_nolock 71830->71839 71834 8987c5 71832->71834 71833->71826 71833->71829 71833->71839 71835 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71834->71835 71836 8985cc 71835->71836 71836->71819 71837 97eea9 46 API calls 71837->71839 71838 8987a1 71840 880920 23 API calls 71838->71840 71839->71829 71839->71830 71839->71837 71839->71838 71850 97ee85 46 API calls 71839->71850 71840->71829 71851 97f401 71842->71851 71844 97eecb 71844->71827 71845->71833 71847 880934 71846->71847 71849 880967 __fread_nolock 71847->71849 71886 8809ae 23 API calls __fread_nolock 71847->71886 71849->71829 71850->71839 71852 97f422 71851->71852 71853 97f40d 71851->71853 71856 97f433 71852->71856 71859 97f456 71852->71859 71854 98a7f2 __dosmaperr 11 API calls 71853->71854 71855 
97f412 71854->71855 71882 98be02 22 API calls ___std_exception_copy 71855->71882 71858 98a7f2 __dosmaperr 11 API calls 71856->71858 71881 97f43c 71856->71881 71861 97f4e0 71858->71861 71862 98a7f2 __dosmaperr 11 API calls 71859->71862 71860 97f41d 71860->71844 71885 98be02 22 API calls ___std_exception_copy 71861->71885 71863 97f45b 71862->71863 71865 97f495 71863->71865 71866 97f468 71863->71866 71884 981946 46 API calls 4 library calls 71865->71884 71883 981946 46 API calls 4 library calls 71866->71883 71869 97f47a 71871 97f482 71869->71871 71872 97f4cf 71869->71872 71870 97f4a7 71870->71872 71874 97f4b9 71870->71874 71873 98a7f2 __dosmaperr 11 API calls 71871->71873 71877 98a7f2 __dosmaperr 11 API calls 71872->71877 71872->71881 71875 97f487 71873->71875 71876 98a7f2 __dosmaperr 11 API calls 71874->71876 71879 98a7f2 __dosmaperr 11 API calls 71875->71879 71875->71881 71878 97f4be 71876->71878 71877->71861 71880 98a7f2 __dosmaperr 11 API calls 71878->71880 71878->71881 71879->71881 71880->71881 71881->71844 71882->71860 71883->71869 71884->71870 71885->71881 71886->71849 71888 880648 71887->71888 71890 880675 CatchIt 71888->71890 71891 8809ae 23 API calls __fread_nolock 71888->71891 71890->71202 71891->71890 71892->71212 71895 8bffb4 71894->71895 71922 8bf782 71895->71922 71899 8bffee __fread_nolock 72014 8fc768 71899->72014 71901 8c0035 GetCurrentProcessId 72017 893aa0 71901->72017 71903 8c0045 __fread_nolock 71904 8fc768 3 API calls 71903->71904 71905 8c007b 71904->71905 72027 8c1ee0 71905->72027 71907 8c0095 __fread_nolock 71908 8fc768 3 API calls 71907->71908 71909 8c00cb 71908->71909 71910 9793de 3 API calls 71909->71910 71911 8c0163 71909->71911 71912 8c0103 71910->71912 71913 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71911->71913 72030 907b42 71912->72030 71914 8c0178 71913->71914 71914->71222 71916 8c0123 72033 8c0242 71916->72033 71920 8c015c 72064 8c0353 121 API calls 
__ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71920->72064 71923 8bf7b2 71922->71923 71924 8873d0 3 API calls 71923->71924 71925 8bf7d5 71924->71925 71926 8bf7ea 71925->71926 71927 8bfb16 71925->71927 72009 869030 243 API calls 71926->72009 71929 8bfb3f 71927->71929 71930 8bfb6c 71927->71930 71928 8bf802 71933 887cd0 35 API calls 71928->71933 71936 8bf828 71928->71936 71931 8c01db 14 API calls 71929->71931 72008 8bfdf1 71930->72008 72065 866204 71930->72065 71934 8bfb44 71931->71934 71933->71936 72151 898e60 71934->72151 71937 8bf860 71936->71937 71945 8bf8a1 71936->71945 71939 887cd0 35 API calls 71937->71939 71949 8bf878 71939->71949 71941 8bfc9f 71943 843696 121 API calls 71941->71943 71946 8bfcaf 71943->71946 71944 843696 121 API calls 71947 8bfbf3 71944->71947 71953 8bf896 71945->71953 71958 8bf8f2 71945->71958 71950 880aa2 23 API calls 71946->71950 71952 8668a0 35 API calls 71947->71952 71948 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 71955 8bfecd 71948->71955 72138 8a2df0 198 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 71949->72138 71956 8bfcbb 71950->71956 71986 8bfbfd 71952->71986 71953->71945 71954 887cd0 35 API calls 71953->71954 71962 8bfed8 71953->71962 71954->71958 72010 8fc50c 71955->72010 72071 8668a0 71956->72071 71957 8bf920 72140 8804ce 71957->72140 72139 8bf1b4 309 API calls 3 library calls 71958->72139 71964 8bfedb 71962->71964 71963 843696 121 API calls 71963->71986 71965 8bfce3 72078 8c01db 71965->72078 71968 8bf9b8 71972 866204 23 API calls 71968->71972 71969 8bf93b __fread_nolock 71969->71968 71973 8bf976 GetModuleFileNameW 71969->71973 71971 880920 23 API calls 71971->71986 71975 8bf9e7 71972->71975 71973->71964 71976 8bf98e 71973->71976 71974 8bfd45 71984 8c01db 14 API calls 71974->71984 71978 8bf9ef 71975->71978 71979 8bfb74 71975->71979 71983 887cd0 35 API calls 71976->71983 71977 8668a0 35 API calls 71977->71986 71980 843696 121 API calls 71978->71980 71981 888610 35 
API calls 71979->71981 71982 8bf9ff 71980->71982 71985 8bfb8c 71981->71985 71987 880aa2 23 API calls 71982->71987 71983->71968 71988 8bfd58 71984->71988 71989 888b80 35 API calls 71985->71989 71986->71941 71986->71963 71986->71971 71986->71977 71990 8bfa0b 71987->71990 72148 8bc49e 23 API calls 71988->72148 72001 8bfafb 71989->72001 71992 8668a0 35 API calls 71990->71992 71995 8bfa34 71992->71995 71993 8bfd60 72149 8992e0 23 API calls 71993->72149 71996 843696 121 API calls 71995->71996 72005 8bfabc 71995->72005 71998 8bfa7c 71996->71998 71997 843696 121 API calls 71999 8bfaee 71997->71999 72002 880920 23 API calls 71998->72002 72000 8668a0 35 API calls 71999->72000 72000->72001 72001->71930 72003 8bfa94 72002->72003 72004 8668a0 35 API calls 72003->72004 72004->72005 72005->71997 72006 8bfd79 72150 8510fe 5 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 72006->72150 72008->71948 72009->71928 72011 8fc515 72010->72011 72012 9793de 3 API calls 72011->72012 72013 8fc523 72011->72013 72012->72013 72013->71899 72015 8fc50c 3 API calls 72014->72015 72016 8fc779 72015->72016 72016->71901 72018 893ae0 72017->72018 72018->72018 72019 893b22 72018->72019 72020 893b94 72018->72020 72022 9793de 3 API calls 72019->72022 72024 893b27 __fread_nolock 72019->72024 72631 880494 23 API calls 72020->72631 72022->72024 72025 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 72024->72025 72026 893b8a 72025->72026 72026->71903 72632 8a8690 72027->72632 72641 9073d8 72030->72641 72034 8c02b5 72033->72034 72037 8c025d 72033->72037 72035 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 72034->72035 72036 8c0142 72035->72036 72039 90880a 72036->72039 72842 90870c 72037->72842 72040 908358 136 API calls 72039->72040 72041 908853 72040->72041 72042 9088a0 72041->72042 72044 9087cc 126 API calls 72041->72044 72043 9088c8 72042->72043 72057 908893 72042->72057 72045 908358 136 API calls 72043->72045 72046 908873 
73372->73373 73374 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 73373->73374 73375 8d3a7d 73374->73375 73375->73345 73398 8aa910 73376->73398 73380 8d3e40 73379->73380 73409 91d500 73380->73409 73382 8d3f06 73383 9793de 3 API calls 73382->73383 73384 8d3f7b 73383->73384 73414 91d920 73384->73414 73386 8d3f98 73419 8d9a60 73386->73419 73388 8d40a6 73389 8d40b8 __fread_nolock 73388->73389 73422 891b20 8 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 73388->73422 73391 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 73389->73391 73392 8d3cd7 73391->73392 73393 88cde0 73392->73393 73394 9793de 3 API calls 73393->73394 73395 88cdf2 73394->73395 73395->73365 73396->73358 73399 8aa956 73398->73399 73407 8aa93e 73398->73407 73401 9794e7 __Init_thread_header 6 API calls 73399->73401 73400 9794aa __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 73402 8aa94e 73400->73402 73403 8aa960 73401->73403 73402->73361 73403->73407 73408 8dfdf0 23 API calls 73403->73408 73405 8aa974 73406 97955d __Init_thread_footer 5 API calls 73405->73406 73406->73407 73407->73400 73408->73405 73423 93ecb0 73409->73423 73412 93ecb0 3 API calls 73413 91d54a 73412->73413 73413->73382 73415 9793de 3 API calls 73414->73415 73416 91d93b 73415->73416 73417 9793de 3 API calls 73416->73417 73418 91d958 73417->73418 73418->73386 73420 9793de 3 API calls 73419->73420 73421 8d9a75 73420->73421 73421->73388 73422->73389 73424 9793de 3 API calls 73423->73424 73425 93ecc6 73424->73425 73426 9793de 3 API calls 73425->73426 73427 93ecdc 73426->73427 73428 9793de 3 API calls 73427->73428 73429 93ecf2 73428->73429 73430 9793de 3 API calls 73429->73430 73431 93ed08 73430->73431 73432 9793de 3 API calls 73431->73432 73433 93ed1e 73432->73433 73434 9793de 3 API calls 73433->73434 73435 93ed34 73434->73435 73436 9793de 3 API calls 73435->73436 73437 91d536 73436->73437 73437->73412 73440 8d1920 73438->73440 73439 9794e7 
__Init_thread_header 6 API calls 73439->73440 73440->73439 73442 97955d __Init_thread_footer 5 API calls 73440->73442 73443 89b630 28 API calls 73440->73443 73442->73440 73443->73440 73486->70971 73487 851c50 73490 987b93 73487->73490 73493 987cba 73490->73493 73494 987cc8 73493->73494 73495 987cda 73493->73495 73521 97a489 GetModuleHandleW 73494->73521 73505 987df8 73495->73505 73499 987ccd 73499->73495 73522 987c12 GetModuleHandleExW 73499->73522 73500 851c5a 73506 987e04 CallCatchBlock 73505->73506 73528 997ce1 EnterCriticalSection 73506->73528 73508 987e0e 73529 987d1e 73508->73529 73510 987e1b 73533 987e39 73510->73533 73513 987c65 73538 9997fb GetPEB 73513->73538 73516 987c94 73518 987c12 _unexpected 3 API calls 73516->73518 73517 987c74 GetPEB 73517->73516 73519 987c84 GetCurrentProcess TerminateProcess 73517->73519 73520 987c9c ExitProcess 73518->73520 73519->73516 73521->73499 73523 987c31 GetProcAddress 73522->73523 73524 987c54 73522->73524 73525 987c46 73523->73525 73526 987c5a FreeLibrary 73524->73526 73527 987c63 73524->73527 73525->73524 73526->73527 73527->73495 73528->73508 73530 987d2a CallCatchBlock 73529->73530 73532 987d8b _unexpected 73530->73532 73536 98a0f0 EnterCriticalSection LeaveCriticalSection _unexpected 73530->73536 73532->73510 73537 997cf8 LeaveCriticalSection 73533->73537 73535 987d0d 73535->73500 73535->73513 73536->73532 73537->73535 73539 999815 73538->73539 73540 987c6f 73538->73540 73542 9978ac 5 API calls _unexpected 73539->73542 73540->73516 73540->73517 73542->73540 73543 8a6360 73544 8a636e 73543->73544 73545 8a637c 73543->73545 73547 8a8370 GetHandleVerifier 73544->73547 73548 8a8383 73547->73548 73548->73545
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008BB643
                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008BB651
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 008BB845
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F5), ref: 008BB850
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4), ref: 008BB85B
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008BB9A6
                                                                                                                                                                                                    • InitializeProcThreadAttributeList.KERNEL32(00000000,00000001,00000000,?,?,?,?,?,?,00000000,009F4F64,00000000), ref: 008BB9D0
                                                                                                                                                                                                    • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 008BBAD9
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 008BBAEE
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,009F4F64,00000000), ref: 008BBB5E
                                                                                                                                                                                                    • UpdateProcThreadAttribute.KERNEL32(?,00000000,00020002,00000000,?,00000000,00000000,00000008,?,?,?,?,?,00000000,009F4F64,00000000), ref: 008BC27E
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008BC2DC
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008BC30F
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008BC321
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008BC361
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$Process$AttributeCloseInit_thread_footerInit_thread_headerProcThread$CreateCurrentErrorInitializeLastListOpenUpdate
                                                                                                                                                                                                    • String ID: --initial-client-data=$../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$::InitializeProcThreadAttributeList$::UpdateProcThreadAttribute$CloseHandle process$CloseHandle thread$CreateProcess$D$InitializeProcThreadAttributeList$InitializeProcThreadAttributeList (size)$InitializeProcThreadAttributeList (size) succeeded, expected failure$OpenProcess$UpdateProcThreadAttribute$annotation$attachment$crash-count-file$database$kernel32.dll$metrics-dir$rundll32.exe$url
                                                                                                                                                                                                    • API String ID: 2411058256-4240345948
                                                                                                                                                                                                    • Opcode ID: 559d48cd7e4a3048c366329d1c3e837e9481463d09f602fb8f3dd1c09673c91f
                                                                                                                                                                                                    • Instruction ID: 30196b28c4dbdb3dce96c99f434f156bd1a46d3a01e9d99ccbe63e0b1d734a5b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 559d48cd7e4a3048c366329d1c3e837e9481463d09f602fb8f3dd1c09673c91f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7A28EB1A083519BD720DB64C841BEBB7E5FFC8710F05492DE889D7391EBB1A944CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 008BF1F4
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 008BF980
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: --monitor-self$--monitor-self-annotation=ptype=$--monitor-self-argument=$--type=$--user-data-dir=$/prefetch:7$OPERA_CRASHPAD_PIPE_NAME$Win32$channel$crashpad-handler$crashpad_handler.exe$plat$prod$special$ver
                                                                                                                                                                                                    • API String ID: 514040917-2088404468
                                                                                                                                                                                                    • Opcode ID: f48a6587f7e6d9bb119558aea7b6df20a4f8c3d5a2f203af5611a4fefef19174
                                                                                                                                                                                                    • Instruction ID: d4d02b622d4f27c6945c9ff69870acd80d193da14846228e6415ae3bff3c0150
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f48a6587f7e6d9bb119558aea7b6df20a4f8c3d5a2f203af5611a4fefef19174
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D82ACB1508755AFDB11DF24C840AABBBE4FF99304F04882DF589D7262D731EA49CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 008BAD4F
                                                                                                                                                                                                      • Part of subcall function 008FC79E: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,009F4F64,00000000), ref: 008FC7B4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCurrentHandleProcess
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$CreateNamedPipe$CreateThread$\\.\pipe\crashpad_%lu_
                                                                                                                                                                                                    • API String ID: 2391145178-1892946667
                                                                                                                                                                                                    • Opcode ID: 4818a343fcd15a17ab0a48e057560bb6e67934e7a386c0fcc94cf044fcc9d07d
                                                                                                                                                                                                    • Instruction ID: cb35b78650c13bad0f0f5fc17fe8904926f0b1c493ec573f1c8d714e8f71e5b7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4818a343fcd15a17ab0a48e057560bb6e67934e7a386c0fcc94cf044fcc9d07d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AFB1BFB1900704AFD720EF78C881BA6BBE9FF44314F04892DE56AD7291EB71B914CB52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 008BAD4F
                                                                                                                                                                                                      • Part of subcall function 00880D4E: _strlen.LIBCMT ref: 00880D5D
                                                                                                                                                                                                    • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000), ref: 008BAF29
                                                                                                                                                                                                    • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000), ref: 008BAF3A
                                                                                                                                                                                                    • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000), ref: 008BAF4B
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(008BC770), ref: 008BAF5C
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,008BB140,00000000,00000000,00000000), ref: 008BB032
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Create$Event$CurrentExceptionFilterProcessThreadUnhandled_strlen
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$CreateNamedPipe$CreateThread$\\.\pipe\crashpad_%lu_
                                                                                                                                                                                                    • API String ID: 1337974324-1892946667
                                                                                                                                                                                                    • Opcode ID: bddc4f9c75955013ef4a7655b728deaa45c3fadbd8a136b406ed168fcfc709f6
                                                                                                                                                                                                    • Instruction ID: c08ffd7143559ac867b40b177210e17965253fd082244036a4179eac16e9d9b6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bddc4f9c75955013ef4a7655b728deaa45c3fadbd8a136b406ed168fcfc709f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CB1B0B1500B04AFD720EF78C885BA6BBE9FF44314F04892DE46AD7291EB71B915CB52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 008BF980
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: --monitor-self$--monitor-self-annotation=ptype=$--monitor-self-argument=$--type=$--user-data-dir=$/prefetch:7$OPERA_CRASHPAD_PIPE_NAME$crashpad-handler
                                                                                                                                                                                                    • API String ID: 514040917-1229799049
                                                                                                                                                                                                    • Opcode ID: bfabe01bc363abd5d02c3f553f1c36f4a8faddac9216c3d17a7d01e988810e85
                                                                                                                                                                                                    • Instruction ID: adc602760942f89d5a09465011fa992450b175c5f884742a0d66555911367900
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfabe01bc363abd5d02c3f553f1c36f4a8faddac9216c3d17a7d01e988810e85
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70228D715083559FDB21EF24C841AABBBE4FF85304F04882DF59997362DB31E949CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(04B371C8,?,?,?,?,?,?,?,?,?,?,?,00841118,00000005,?), ref: 00890F41
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(04B371C8,?,?,?,?,?,?,?,?,?,?,?,00841118,00000005,?), ref: 00891075
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00891262
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008912B9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2580794422-0
                                                                                                                                                                                                    • Opcode ID: 7c785ea7759826bfd23803c00506a7011693edf7774764ab00d74229145f743c
                                                                                                                                                                                                    • Instruction ID: ca1018926b034bd0802b4c964f0368feeb31e832dc3d2490c53f33b551d69b08
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c785ea7759826bfd23803c00506a7011693edf7774764ab00d74229145f743c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2B1F131B0864A9BCF24EF64C8856BEB3B2FF84310B1C8128E956E7241DB35ED45CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(0098D9F7,?,00987D1D,0098C03F,?,0098D9F7,0098C03F,0098D9F7,00000003), ref: 00987C87
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00987D1D,0098C03F,?,0098D9F7,0098C03F,0098D9F7,00000003), ref: 00987C8E
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00987CA0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                    • Opcode ID: abb27b00590c2f1acaf0914374c0e9280882c3c30d42634f2c1b4252b91a7238
                                                                                                                                                                                                    • Instruction ID: 3b7bb37a23c2caf467724295a042c002e9cb593ffdfca016e933237ab9178e82
                                                                                                                                                                                                    • Opcode Fuzzy Hash: abb27b00590c2f1acaf0914374c0e9280882c3c30d42634f2c1b4252b91a7238
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3E0E631028684AFCF117FA8DD49A597F69EB45341B204454F9498B331DF35ED81DB51
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 008FCB49
                                                                                                                                                                                                    • CreateNamedPipeW.KERNELBASE ref: 008FCBA4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateNamedPipeVersion
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1287812050-0
                                                                                                                                                                                                    • Opcode ID: 99edd61f9c9e48250b28149d6999cffb9ba0aeb5c4afb146a34b4f8311fb9772
                                                                                                                                                                                                    • Instruction ID: ae598d60b9ae8685ce7c8258ece9235411089e4f0a7f756bcc861af32f4687b3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99edd61f9c9e48250b28149d6999cffb9ba0aeb5c4afb146a34b4f8311fb9772
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B119D718082098BDB089F69D4453AAFBE4FF88310F00851EE999A7360C7705685CB81
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00868188
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00868276
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008682B3
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008684E1
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0086860C
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008686F1
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00868759
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008683B7
                                                                                                                                                                                                      • Part of subcall function 00843696: _strlen.LIBCMT ref: 008436AD
                                                                                                                                                                                                      • Part of subcall function 00880AA2: _strlen.LIBCMT ref: 00880AAD
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008687E1
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0086886C
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00868903
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00868940
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868A1B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868A49
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868A5B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868A89
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868A9B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868AC9
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868ADB
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868B09
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868B1B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868B49
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868B5B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868B89
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868B9B
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868BC9
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868BDB
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868C09
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868C1B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868C49
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868C5B
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868C8C
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868C9E
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868CCF
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868CE1
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868D0F
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868D21
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868D4F
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00868D61
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00868D8F
                                                                                                                                                                                                      • Part of subcall function 0097955D: EnterCriticalSection.KERNEL32(009F4FC0,?,?,0089B5A5,009F4C0C), ref: 00979567
                                                                                                                                                                                                      • Part of subcall function 0097955D: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,0089B5A5,009F4C0C), ref: 0097959A
                                                                                                                                                                                                      • Part of subcall function 0097955D: WakeAllConditionVariable.KERNEL32(?,0089B5A5,009F4C0C), ref: 0097960D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header$_strlen$CriticalSection$EnterLeave$ConditionCurrentProcessUnothrow_t@std@@@VariableWake__ehfuncinfo$??2@
                                                                                                                                                                                                    • String ID: BuildID$Email$InstallTime$OPERA_CRASH_EMAIL$OPERA_CRASH_KEEP_LOGS$OPERA_CRASH_ORIGIN$OPERA_CRASH_REPORTER_OPAUTO_TEST$OPERA_CRASH_SERVER_URL$OpAuto$Origin$ReleaseChannel$UBN$_crashreporter.exe$browser$channel$is_wow64$opauto_test$prod$ptype$symbols-package$user-data-dir$ver
                                                                                                                                                                                                    • API String ID: 1984183743-854346390
                                                                                                                                                                                                    • Opcode ID: a0cce3c390bcfd806229ddb8c7c8fe4f4f9397ef245321b268e49c1a1a029979
                                                                                                                                                                                                    • Instruction ID: e3e78d6efd559e8404cb41a4698a004c3e8018f47c6dd4a6fc7ef1322b7d8559
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0cce3c390bcfd806229ddb8c7c8fe4f4f9397ef245321b268e49c1a1a029979
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D7202B1A08311EFD710EB24DC42A3EBBA0FB85704F458529F959D7352EB31AA05DB93
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNELBASE ref: 008FC8EF
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008FC8F6
                                                                                                                                                                                                    • WaitNamedPipeW.KERNEL32(?,000000FF), ref: 008FC914
                                                                                                                                                                                                    • SetNamedPipeHandleState.KERNELBASE(00000000,?,00000000,00000000), ref: 008FC972
                                                                                                                                                                                                    • TransactNamedPipe.KERNELBASE(00000000,00000000,00000024,008BC428,0000000C,?,00000000), ref: 008FC995
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: NamedPipe$CreateErrorFileHandleLastStateTransactWait
                                                                                                                                                                                                    • String ID: , observed $../../third_party/crashpad/crashpad/util/win/registration_protocol_win.cc$CreateFile$SetNamedPipeHandleState$TransactNamedPipe$TransactNamedPipe: expected $WaitNamedPipe
                                                                                                                                                                                                    • API String ID: 3582518244-3702053020
                                                                                                                                                                                                    • Opcode ID: 4154b133b14ec972e55b13766b3334c15cb8021c7fa71749128ff182301af61a
                                                                                                                                                                                                    • Instruction ID: 6d0e1e0ce7c298e494879e9fa1995cf4a138003a443e1de4464d9a2d21e7fde3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4154b133b14ec972e55b13766b3334c15cb8021c7fa71749128ff182301af61a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E251E661B5032C6AEA20FB649D47FBA7769FF80714F040064FB05EA2D2DBB16A44C663
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0085FD06
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0085FD2E
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0085FE4D
                                                                                                                                                                                                      • Part of subcall function 0085F8E0: GetUserNameW.ADVAPI32(?,?), ref: 0085F91D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen$NameUser
                                                                                                                                                                                                    • String ID: <USERNAME>$data$profile${CompanyName}${CompanyName}/{ProductName} {InternalStream}${InternalStream}${ProductName}
                                                                                                                                                                                                    • API String ID: 1881245836-2942531514
                                                                                                                                                                                                    • Opcode ID: 1b06d99eb4460bc73badeab038c9588887bbef12ca151009788d624301984755
                                                                                                                                                                                                    • Instruction ID: ba98175815eaeec52f70af250415ef25759a6c4a77e409fa4cc4d611df8abc86
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b06d99eb4460bc73badeab038c9588887bbef12ca151009788d624301984755
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01D1BD72508351ABCB109F28C881A6BBBE5FFD2744F04482DF99597252DB31EA09CB93
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0088BF8E
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0088C007
                                                                                                                                                                                                    • GetLocalTime.KERNEL32(0000005B,?,?,?,?,?,?,?,00000198,?,?,0088BF52,00000198,?,?), ref: 0088C0A1
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0088C194
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0088C1D0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen$CountLocalTickTime
                                                                                                                                                                                                    • String ID: )] $:$:$UNKNOWN$VERBOSE
                                                                                                                                                                                                    • API String ID: 3535325690-776901039
                                                                                                                                                                                                    • Opcode ID: 3be743f9abe5ea2f7a85d806d26a39882b7ff1579fed0a38ef0a7a790b59ada0
                                                                                                                                                                                                    • Instruction ID: c7c98d041a7bc7542e80377cfec9b7854e12d29741b7539c4b3e66280037a31b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3be743f9abe5ea2f7a85d806d26a39882b7ff1579fed0a38ef0a7a790b59ada0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9891B4B1A083406FD710FB649C86F2B7B99FB84754F04491CF85597282E775A905CB63
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008FCC51
                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0),00000001,?,00000000), ref: 008FCC80
                                                                                                                                                                                                    • BuildExplicitAccessWithNameW.ADVAPI32(?,?,10000000,00000001,00000000), ref: 008FCCD1
                                                                                                                                                                                                    • BuildSecurityDescriptorW.ADVAPI32(00000000,00000000,00000001,?,00000000,00000000,?,?,?), ref: 008FCCF5
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008FCD04
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008FCDC5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0), xrefs: 008FCC7B
                                                                                                                                                                                                    • BuildSecurityDescriptor, xrefs: 008FCD3E
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/registration_protocol_win.cc, xrefs: 008FCD2E, 008FCD73
                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptor, xrefs: 008FCD83
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DescriptorSecurity$Build$AccessConvertErrorExplicitInit_thread_footerInit_thread_headerLastNameStringWith
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/registration_protocol_win.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)
                                                                                                                                                                                                    • API String ID: 1468532445-440191626
                                                                                                                                                                                                    • Opcode ID: d045504f947e792f5202cafdc0b7394b69972278bcadde427ac8bc502a7b1dd4
                                                                                                                                                                                                    • Instruction ID: 1b59a38e58df094f765a35862c908980c613c56c76ca5a07997ab16851763969
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d045504f947e792f5202cafdc0b7394b69972278bcadde427ac8bc502a7b1dd4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51511671514348AADA20EF34ED46EBB7BA8FFC4710F004629FA99D72A1DB309945C762
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0098C9B7: CreateFileW.KERNELBASE(00000000,00000000,?,0098C675,?,?,00000000,?,0098C675,00000000,0000000C), ref: 0098C9D4
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0098C6E0
                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0098C6E7
                                                                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 0098C6F3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0098C6FD
                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0098C706
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0098C726
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0098C873
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0098C8A5
                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0098C8AC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4237864984-0
                                                                                                                                                                                                    • Opcode ID: 32737c2b7be0bc4538290d31764f5cf68b3cfede216ee4188d667511c0f82d7e
                                                                                                                                                                                                    • Instruction ID: cdbb4f892da0b594e6e06f1d315bd9e230ddbf10bf71ff5351bcb150238756f2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32737c2b7be0bc4538290d31764f5cf68b3cfede216ee4188d667511c0f82d7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DA14772A141458FCF19EF68DC927AE3BA5AB46324F18015DF801EF391DB359C02DB62
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00883F70: GetCommandLineW.KERNEL32(?,00000000), ref: 00883FE7
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00841055
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CommandLine_strlen
                                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc$Running assistant installer with command line $WinMain$assistant_installer_%02d%02d%02d%02d%02d%02d.log$asstgx_ins
                                                                                                                                                                                                    • API String ID: 1507289288-2816526336
                                                                                                                                                                                                    • Opcode ID: 75086fe935118403f102b6f93e6d27d791069233e2bf666f94450fe464d86e56
                                                                                                                                                                                                    • Instruction ID: 2ce1d2ed2f50c1e3dcefe745be26eec42b339aa67dbf8560216bf42cc4c12825
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75086fe935118403f102b6f93e6d27d791069233e2bf666f94450fe464d86e56
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D391B0B19007059BDB20BF78DC82B6BB7A5FF95300F044929E99AC7642EB70A545C7A2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SystemFunction036.ADVAPI32(FFFFFFFF,FFFFFFFF,?,00891BE8,?,00000008,000000FF), ref: 008A9A0E
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 008A9A76
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A9A88
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 008A9B1E
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A9B2C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time$System$FileUnothrow_t@std@@@__ehfuncinfo$??2@$Function036
                                                                                                                                                                                                    • String ID: ys/
                                                                                                                                                                                                    • API String ID: 2980182385-195206561
                                                                                                                                                                                                    • Opcode ID: 0e146fcc56559b3d87f3a09474c6cca753d2f5cb6375adbe3da1572e346d8b2b
                                                                                                                                                                                                    • Instruction ID: 70b0c390c608fb5c8f107f4553916f3a6a5d1c15d4a8732bef999308053ead0c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e146fcc56559b3d87f3a09474c6cca753d2f5cb6375adbe3da1572e346d8b2b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B161907160D3019FC714CF68D88076B7BE5FBC9720F158A2CE9E8872A0DB31A945DB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0088BC0E
• CreateFileW.KERNELBASE ref: 0088BD05
• GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,?,?,?,?,?,?,debug.log,0000005C,?), ref: 0088BD4A
• CreateFileW.KERNEL32 ref: 0088BDD7
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
Similarity
• API ID: File$Create$CurrentDirectoryModuleName
• String ID: debug.log
• API String ID: 4120427848-600467936
• Opcode ID: 6522e44d3ccbabe17bb88575c004803134ea5cfa157c401f1bb0ccec28d52458
• Instruction ID: 0eb9e14c7dea94f9bd6cac13bc697807653becee28021713b566ba2f1f162835
• Opcode Fuzzy Hash: 6522e44d3ccbabe17bb88575c004803134ea5cfa157c401f1bb0ccec28d52458
• Instruction Fuzzy Hash: 07511671A18301ABE720BF28CC897AA7BB4FF91714F14851CE445DB2E1DB74A988C792
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
APIs
• GetCurrentProcessId.KERNEL32(00000007,?,?,?,?,?,?,?,?,?,?,?,?,?,008C01BF,?), ref: 008C0035
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 6612$asstgx_ins$browser$x86_64
• API String ID: 2050909247-3986675689
• Opcode ID: 60446d6b8b3c2c33864d2166d324c4cf9325c005c4f6c1a9df45430ac672e0f6
• Instruction ID: c561ce2c2207209bbd946fcf3d7635f70d740822d241962f53b7437cad4e2e96
• Opcode Fuzzy Hash: 60446d6b8b3c2c33864d2166d324c4cf9325c005c4f6c1a9df45430ac672e0f6
• Instruction Fuzzy Hash: 4F5109B2E002559BDB156BA49C41FBF7BB5EF85314F098028F949E7342DA35E904CBA2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
APIs
  • Part of subcall function 00884730: _strlen.LIBCMT ref: 00884751
• _strlen.LIBCMT ref: 0088BA6D
• _strlen.LIBCMT ref: 0088BA93
• CloseHandle.KERNEL32(0000034C,009B6AEF), ref: 0088BAEE
• DeleteFileW.KERNEL32(04B3E1A0,?,009B6AEF), ref: 0088BB7A
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
Similarity
• API ID: _strlen$CloseDeleteFileHandle
• String ID: vmodule
• API String ID: 1068956878-2939338212
• Opcode ID: b9dd81c029f63067050195c23a0084985ab515bac83a1d59ce23900bd881132b
• Instruction ID: 17114b82bb13befa5b6977f274bdc158f9519dde3b6845a81e2ed32ea8916f18
• Opcode Fuzzy Hash: b9dd81c029f63067050195c23a0084985ab515bac83a1d59ce23900bd881132b
• Instruction Fuzzy Hash: 4E41B3B0A14249AFEF14FFA8EC55B7E7BA4FB84324F048028E405D72A1E775A944C792
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 58f9b3624ca36ba5c0f3a2e21476ac8db6d1ae5530f311fba38feb9478b59edb
• Instruction ID: c0e622305d8dd41d325d6bd04b47066767fe546e58e0287b2a5e7c34d306b4a9
• Opcode Fuzzy Hash: 58f9b3624ca36ba5c0f3a2e21476ac8db6d1ae5530f311fba38feb9478b59edb
• Instruction Fuzzy Hash: 5AC1C3B1A083419FD710EF24C881A2AB7F0FFC9714F008A2DF59997292D771EA05CB92
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileAttributesW.KERNELBASE(00000004), ref: 00905446
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
Similarity
• API ID: AttributesFile
• String ID: ../../third_party/crashpad/crashpad/client/crash_report_database_win.cc$: not a directory$GetFileAttributes
• API String ID: 3188754299-3496458271
• Opcode ID: 42a7f1db06b808f20195afbdd788a73d98b95086ec3e907f4e322cd81ee4249e
• Instruction ID: c6f22f17779fae04f8a2154aee3e24805bdbeae520e3359e90478d545388781e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42a7f1db06b808f20195afbdd788a73d98b95086ec3e907f4e322cd81ee4249e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5241E971A002286EEF20BB54DC86FEA7769EF50754F0440A4F949E71C3E7716E488F62
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00867411
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0086749B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: Crash Reports$OPERA_CRASH_LOG_DIR
                                                                                                                                                                                                    • API String ID: 4092853384-687564514
                                                                                                                                                                                                    • Opcode ID: 17870108f47051318b175d2ab9cf153c1d7800da24b5a4cf166494a49c40c0b8
                                                                                                                                                                                                    • Instruction ID: cee00654d0cdc2ff53ca138600e9e196970e02559764caa87fbc359cc6608200
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17870108f47051318b175d2ab9cf153c1d7800da24b5a4cf166494a49c40c0b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65314771A082158BD700BB789CC1ABE77A5FF81358B058039ED29DB382DE389905D7E2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000), ref: 0090532C
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0090533C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/client/crash_report_database_win.cc, xrefs: 00905389
                                                                                                                                                                                                    • CreateDirectory , xrefs: 0090539B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crash_report_database_win.cc$CreateDirectory
                                                                                                                                                                                                    • API String ID: 1375471231-4140125794
                                                                                                                                                                                                    • Opcode ID: a8afd8cc9543cdb55a96a9b51ba8e603b35ff401d1de2d6075d293ae12be9b74
                                                                                                                                                                                                    • Instruction ID: b8937e20f792d4cdbc05f97807c3e5868434a6e2329c9da10e1767e254fbd879
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8afd8cc9543cdb55a96a9b51ba8e603b35ff401d1de2d6075d293ae12be9b74
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E210931A002289FEB10BB54EC86FBAB368EF44354F0440A9F949D72C2D7716E488B62
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: Internet Browser
                                                                                                                                                                                                    • API String ID: 4218353326-2063419344
                                                                                                                                                                                                    • Opcode ID: 6c66a6f04e0b2c5915620543b348392f3f718fcfa9809356a819812eeef6a21f
                                                                                                                                                                                                    • Instruction ID: bf5dd236894900b3c679c72f9f0bea0bbe012436a2d59e282c0f08cf4212d2d0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c66a6f04e0b2c5915620543b348392f3f718fcfa9809356a819812eeef6a21f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0A103B0D04649AFEF11DBA4C845BAFBBF0FF46304F044059E44ABB292E771A955C762
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0086727D
                                                                                                                                                                                                      • Part of subcall function 008A24E0: GetFileAttributesW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A2551
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile_strlen
                                                                                                                                                                                                    • String ID: Crash Reports$OPERA_CRASH_LOG_DIR
                                                                                                                                                                                                    • API String ID: 2348415028-687564514
                                                                                                                                                                                                    • Opcode ID: 5670e1e2fe995ed388c72428a3ff6d6944b9a688568a2bc6bada91fc6e73686a
                                                                                                                                                                                                    • Instruction ID: 08c185c37737f8e6764fc0be7195f92c05b861d210b829c319e1a17e440ad525
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5670e1e2fe995ed388c72428a3ff6d6944b9a688568a2bc6bada91fc6e73686a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A3124B1B042055BDF05FF6898516FFBBB5FF85318F054029E81AE7342EB25A90587E2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$OpenFile
                                                                                                                                                                                                    • API String ID: 4218353326-4080947147
                                                                                                                                                                                                    • Opcode ID: 5beb3ae9af26eb3df54fe7ddbf52b19aff007f1a0cd4ea2f8a69c80bf69b06b6
                                                                                                                                                                                                    • Instruction ID: af53f0a2ef145ee08b06246544d0ac60c906508cedf80c0db1e4dfe824da5c83
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5beb3ae9af26eb3df54fe7ddbf52b19aff007f1a0cd4ea2f8a69c80bf69b06b6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1131D6719043916BE620AB288C06B6EBBA4FFC6734F14471CF9F8961C1E771AA458787
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFilePointerEx.KERNELBASE ref: 0093AAF5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • SetFilePointerEx, xrefs: 0093AB42
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 0093AB32
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$SetFilePointerEx
                                                                                                                                                                                                    • API String ID: 973152223-2639227240
                                                                                                                                                                                                    • Opcode ID: b1941959d56bd0bd597f22e49c2b53fdf56830651ca5cc75f9d80a6d51f3686b
                                                                                                                                                                                                    • Instruction ID: 170f1a23fa1652a21224c65e27b927a0a9944f9e549fdd2635a3aa8889ce6d30
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1941959d56bd0bd597f22e49c2b53fdf56830651ca5cc75f9d80a6d51f3686b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9021B8729043549BC720EF289802B9FF7AAEFC5710F01851DE89997381D7709905CB93
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0093AA84: SetFilePointerEx.KERNELBASE ref: 0093AAF5
                                                                                                                                                                                                    • SetEndOfFile.KERNELBASE(009087EB), ref: 0093ABA0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 0093ABCF
                                                                                                                                                                                                    • SetEndOfFile, xrefs: 0093ABE1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Pointer
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$SetEndOfFile
                                                                                                                                                                                                    • API String ID: 1339342385-591553600
                                                                                                                                                                                                    • Opcode ID: 8c8e8f0fdcd1e572bb9b35f0e16b9dec336564a584408f49ecc179754e1cb4b7
                                                                                                                                                                                                    • Instruction ID: 33ec7774055b2dc079bf95a475fa0e6cd7928e2261598da932a9a04c6127fcd4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c8e8f0fdcd1e572bb9b35f0e16b9dec336564a584408f49ecc179754e1cb4b7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7801D461E402182BEB10BBA85C83FBFB72DDB55398F444064FD0997282EA655D488AA3
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A2551
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • DirectoryExists, xrefs: 008A252C
                                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 008A2527
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$DirectoryExists
                                                                                                                                                                                                    • API String ID: 3188754299-2653227169
                                                                                                                                                                                                    • Opcode ID: 032138cf7068b8413a02edde0de585e0f7c9af60874a792c6c70b904862b9dd2
                                                                                                                                                                                                    • Instruction ID: a5485610939514f8eff311e358590f6fe78b41756c3eea7720c70482ae84eefe
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 032138cf7068b8413a02edde0de585e0f7c9af60874a792c6c70b904862b9dd2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE010C72A147815BD7106B2C8C8666EB764FFCA770F10071DF5F5932C1EBB0A54586C2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(FFFFFFFF,?,00000000), ref: 008A2391
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$PathExists
                                                                                                                                                                                                    • API String ID: 3188754299-1196770437
                                                                                                                                                                                                    • Opcode ID: 2e3a707e01701562ff8cb3448c9184c8925a530fd703d5206bae42e0f94f7e64
                                                                                                                                                                                                    • Instruction ID: a0fa9ab1495bb55a4d4d83506d5c5a23ef84720c3444a1be1b338b2e928ee88a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e3a707e01701562ff8cb3448c9184c8925a530fd703d5206bae42e0f94f7e64
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 990126726143815BD610AB2C8C8666EB7A8FFCA770F50071DF5F5922C1EB70A94082C2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(008FCAFE), ref: 0093AC29
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 0093AC58
                                                                                                                                                                                                    • CloseHandle, xrefs: 0093AC6A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$CloseHandle
                                                                                                                                                                                                    • API String ID: 2591292051-1576210609
                                                                                                                                                                                                    • Opcode ID: 6c9b9114b54b1146d247f9b905422d0370170068632cfc0a6031797183fdb551
                                                                                                                                                                                                    • Instruction ID: d7dac96d481641588ad3ce7af8300dd105e9869fbaedc5c430590eb696e683d8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c9b9114b54b1146d247f9b905422d0370170068632cfc0a6031797183fdb551
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9801A771A403281BDA20BB549C47FBF771DEB84750F400065BD459B3C2EB715D0486E3
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,008410CE,00000001,?,00000000), ref: 008AA239
                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,008410CE,00000001,?), ref: 008AA24B
                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,008410CE,00000001,?,00000000), ref: 008AA282
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time$System$File$LocalSpecific
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 979780441-0
                                                                                                                                                                                                    • Opcode ID: e2138e7db7e9408ef76daea43d8c1bc8e7294584c052f1ca988778792a7bc18a
                                                                                                                                                                                                    • Instruction ID: d8f6aff60caec1f29ad6ca824e199c33eb0acd97d24d08812175f7268444c3a5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2138e7db7e9408ef76daea43d8c1bc8e7294584c052f1ca988778792a7bc18a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E21B172E147858BD314CF34C841A66B7A8FFDA354F104B1EF4C496551EB35E688C782
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,7FFFFFFF,?,00000000,00000000,00000000), ref: 0093A553
                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,7FFFFFFF,FFFFFFFF,00000000), ref: 0093A58A
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093A596
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileRead$ErrorLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1577890643-0
                                                                                                                                                                                                    • Opcode ID: d63bf1ed7a90e818251affdfcd5d1a2e8a784167d36c75fbbfc28d1f9d9aa699
                                                                                                                                                                                                    • Instruction ID: 0fa53bc0143f7f88f4fb9bbfc9a4d56b4090df3e9718531223f68a4594ca836a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d63bf1ed7a90e818251affdfcd5d1a2e8a784167d36c75fbbfc28d1f9d9aa699
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B41182717042199FCB14DF64DDC4AAE77ACEB49330F600629F96ADB2D0DA34DD048B62
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008A8709
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNELBASE ref: 008A8731
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008A875C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoInit_thread_footerInit_thread_headerNativeSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 420575652-0
                                                                                                                                                                                                    • Opcode ID: 812ec6a5cc7228f394c5c4137962ba67e39cf23b0d06a278261ffcf47a8f2b10
                                                                                                                                                                                                    • Instruction ID: 1992a04a9fc02d683fb47b1674fa57bc7b592f93fc7310309280d4577e6fa8df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 812ec6a5cc7228f394c5c4137962ba67e39cf23b0d06a278261ffcf47a8f2b10
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0210271D28284C7E300CF28E8067F6B3A0FB99324F011325EDD583260EB31AD91D782
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(00000FA0,-00000020,0099D1E0,-00000020,00000FA0,00000000,0000004E,0000002C,00000000), ref: 0099779C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • InitializeCriticalSectionEx, xrefs: 0099776C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                    • API String ID: 2593887523-3084827643
                                                                                                                                                                                                    • Opcode ID: 1b1848a35d14a54d4235c0f1535b51c733283dbb56b98b6f970c832e5b8a40c4
                                                                                                                                                                                                    • Instruction ID: a823e5afe8a3cec1bb0ad16db5075e3da46a3955a782c2955bcdcbdf3d4b23fc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b1848a35d14a54d4235c0f1535b51c733283dbb56b98b6f970c832e5b8a40c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3E09231599218BBCF122FD6CC05E9EBF15EB807A1B048021F91919161CA728C20EAD1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __aullrem.LIBCMT ref: 00891BAF
                                                                                                                                                                                                      • Part of subcall function 008A9A00: SystemFunction036.ADVAPI32(FFFFFFFF,FFFFFFFF,?,00891BE8,?,00000008,000000FF), ref: 008A9A0E
                                                                                                                                                                                                    • __aullrem.LIBCMT ref: 00891C04
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __aullrem$Function036System
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3297659922-0
                                                                                                                                                                                                    • Opcode ID: 67e3e02c4d36767dfa2c5565356c382c27ecbae40db6760ccfef9992d2884d63
                                                                                                                                                                                                    • Instruction ID: bee09f5a6f240b1013cfe2e2b83286560610efbea0a9c9dcc0a581ff38d808a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67e3e02c4d36767dfa2c5565356c382c27ecbae40db6760ccfef9992d2884d63
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A411D033A042116BC704AF2CCC45A4A7BA6EBC5370F15872CF8BD9B2D1DA30A904C781
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00845AB8
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00845B10
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4092853384-0
                                                                                                                                                                                                    • Opcode ID: dc389a35fcdf0ba50d572f69e92f99ccf0fb2fe2144e2a7a8d966df9c72d00cd
                                                                                                                                                                                                    • Instruction ID: 4e628d6ad6cb963722d4c05beaa295e8257ac811f0cd3d173472bf8f1b3d9a0e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc389a35fcdf0ba50d572f69e92f99ccf0fb2fe2144e2a7a8d966df9c72d00cd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57012BB2E0052CABCB10EB68985376D7765FF44710F44C176ED0A9B382DA35AA04CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileType.KERNELBASE(?,?,?,?,?,008BBA0A,00000008,?,?,?,?,?,00000000,009F4F64,00000000), ref: 008BCE88
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileType
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3081899298-0
                                                                                                                                                                                                    • Opcode ID: 6242581eb4cc5f32168651650d372ffe1e662b4fb44199b450feae17b31dd732
                                                                                                                                                                                                    • Instruction ID: ee55bc3202b8799ee2ba92bbd104af27ee4024a91377f004c0c382237dcc0d2e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6242581eb4cc5f32168651650d372ffe1e662b4fb44199b450feae17b31dd732
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF31D4B1A0060A8BDF28DF6DC8C15BEB7A6FF85314F14893AE416C7750E671ED418A91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                    • Opcode ID: 98fe584463746c9373286e81d727bc0614d395472a509f6c5e2649c5b074266e
                                                                                                                                                                                                    • Instruction ID: 58bfbe56155c1d89b66725e21483dad32b8fc12d231156a4fac0e39c924cf758
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98fe584463746c9373286e81d727bc0614d395472a509f6c5e2649c5b074266e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C112571A0420AAFCF05DF59E945A9ABBF8EB88314F154069F809EB311D631E921CBA5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a553daf6037b319cb7d8b495196c2336e637933d2b27e10b677542dc34da9387
                                                                                                                                                                                                    • Instruction ID: 787ab60095d0b4e890f9fe444ddf16c4b4a312b1254df3b4e73816a10df68337
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a553daf6037b319cb7d8b495196c2336e637933d2b27e10b677542dc34da9387
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6401F53373A1116F9F15CFADEC40A6E779EABC43707258120FA01CB194EE30D901D680
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000006,?,-00000001,?,0084107F,00000000), ref: 008A8219
                                                                                                                                                                                                      • Part of subcall function 008DE940: CoRegisterInitializeSpy.OLE32(00000000), ref: 008DE99E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Initialize$Register
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2642324518-0
                                                                                                                                                                                                    • Opcode ID: d7aafcf3d2e15f8138884582aa0e40fae1cd11af722e665a0aac9f745d586af2
                                                                                                                                                                                                    • Instruction ID: aa7df82be68507e347fdd2b02a490840b992a5d8d5bf92744302239ca634c04b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7aafcf3d2e15f8138884582aa0e40fae1cd11af722e665a0aac9f745d586af2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44F0C2716043049BE3209F69C905B2777E8FB85764F148069F50DCB780DFB2D802C7A1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNELBASE(?,75923390,00000003,00000000,00000000,00000080,00000000,7FFFFFFF), ref: 0093A5F4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,00000000,?,0098C675,?,?,00000000,?,0098C675,00000000,0000000C), ref: 0098C9D4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetHandleVerifier.ASSISTANT_INSTALLER(?,?,008A631A,?,00000000,?,009F4CF8,?,?,?,?,008A648D,00000000), ref: 008A8377
                                                                                                                                                                                                      • Part of subcall function 008DEB90: GetModuleHandleW.KERNEL32(00000000), ref: 008DEB9E
                                                                                                                                                                                                      • Part of subcall function 008DEB90: GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 008DEBAA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$AddressModuleProcVerifier
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3286154149-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,00866046,?,?,00000000), ref: 0088AAD9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 008A82D2
                                                                                                                                                                                                      • Part of subcall function 008DE9E0: CoRevokeInitializeSpy.OLE32 ref: 008DEA13
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeRevokeUninitialize
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3049223277-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(009031D0), ref: 00902092
                                                                                                                                                                                                    • SetConsoleCtrlHandler.KERNEL32(009031B0,00000001), ref: 009020A4
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 009020ED
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 009022D4
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 009022F5
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0090235B
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0090237C
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(009031D0,?,?,?,?,?,?,?,00000001,00000000,?,?,--no-periodic-tasks), ref: 009029C6
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00902A5B
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00902A77
                                                                                                                                                                                                    • SetProcessShutdownParameters.KERNEL32(00000100,00000001), ref: 00902CF9
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00902F17
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00902F50
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00903014
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • SetProcessShutdownParameters, xrefs: 00902D32
                                                                                                                                                                                                    • --monitor-self-annotation=%s=%s, xrefs: 009028CC
                                                                                                                                                                                                    • --monitor-self, xrefs: 009027A8
                                                                                                                                                                                                    • --no-periodic-tasks, xrefs: 00902819
                                                                                                                                                                                                    • has duplicate key , xrefs: 0090302D
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/handler/handler_main.cc, xrefs: 00902D23, 00902EE9, 00903002
                                                                                                                                                                                                    • CrashpadMetrics, xrefs: 00902DFA, 00902E22
                                                                                                                                                                                                    • failed to parse --initial-client-data, xrefs: 00902AD5
                                                                                                                                                                                                    • --annotation, xrefs: 0090224E
                                                                                                                                                                                                    • --monitor-self-annotation, xrefs: 00902317
                                                                                                                                                                                                    • --initial-client-data and --pipe-name are incompatible, xrefs: 009026B5
                                                                                                                                                                                                    • , discarding value , xrefs: 00903061
                                                                                                                                                                                                    • --database is required, xrefs: 00902AE6
                                                                                                                                                                                                    • --monitor-self-argument=--monitor-self is not supported, xrefs: 00902EF8
                                                                                                                                                                                                    • --no-rate-limit, xrefs: 0090284B
                                                                                                                                                                                                    • --no-upload-gzip, xrefs: 0090287D
                                                                                                                                                                                                    • --no-identify-client-via-url, xrefs: 009027F0
                                                                                                                                                                                                    • --initial-client-data or --pipe-name is required, xrefs: 00902B8C
                                                                                                                                                                                                    • Usage: %ls [OPTION]...Crashpad's exception handler server. --annotation=KEY=VALUE set a process annotation in each crash report --attachment=FILE_PATH attach specified file to each crash report at the time of the c, xrefs: 009026EF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen$ExceptionFilterUnhandled$ConsoleCtrlHandlerInit_thread_footerInit_thread_headerParametersProcessShutdown
                                                                                                                                                                                                    • String ID: has duplicate key $, discarding value $--annotation$--database is required$--initial-client-data and --pipe-name are incompatible$--initial-client-data or --pipe-name is required$--monitor-self$--monitor-self-annotation$--monitor-self-annotation=%s=%s$--monitor-self-argument=--monitor-self is not supported$--no-identify-client-via-url$--no-periodic-tasks$--no-rate-limit$--no-upload-gzip$../../third_party/crashpad/crashpad/handler/handler_main.cc$CrashpadMetrics$SetProcessShutdownParameters$Usage: %ls [OPTION]...Crashpad's exception handler server. --annotation=KEY=VALUE set a process annotation in each crash report --attachment=FILE_PATH attach specified file to each crash report at the time of the c$failed to parse --initial-client-data
                                                                                                                                                                                                    • API String ID: 3033975033-173564898
                                                                                                                                                                                                    • Opcode ID: 3783f11e4228e77b4f639945f8c4ed34c86136ed32c4ca5213c4ce769fe44865
                                                                                                                                                                                                    • Instruction ID: 4d98980ab612c322353711892420b2ffacdb265381862361ec278d3915037b67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3783f11e4228e77b4f639945f8c4ed34c86136ed32c4ca5213c4ce769fe44865
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60A2B1B1604B409FD721EF34C885BE7B7E9BF95300F14492DE4AA97281EB31B949CB52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 008608BB
                                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000,?,?,?,00000000), ref: 00860905
                                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000,?), ref: 0086093C
                                                                                                                                                                                                    • GetExplicitEntriesFromAclW.ADVAPI32(?,?,?,?,?,00000000), ref: 00860958
                                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,FFFFFFFF), ref: 0086099C
                                                                                                                                                                                                    • BuildExplicitAccessWithNameW.ADVAPI32(?,?,?,00000001,00000003,?,?,00000000), ref: 008609D3
                                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?,?,00000000), ref: 008609E9
                                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32(?,?,?,?,?,?,00000000), ref: 00860A0A
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000), ref: 00860A1B
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000), ref: 00860A2A
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,00000000), ref: 00860A3B
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,00000000), ref: 00860A4A
                                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 00860A86
                                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 00860ADA
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00860B00
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00860B0F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLocal$InfoNamedSecurity$Entries$ExplicitName$AccessBuildCheckFromMembershipTokenUserWith
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4240689945-0
                                                                                                                                                                                                    • Opcode ID: 18d4894c5420998ae419c3123059596a425bafcd4b4b2bf51d8c0f758b45adc3
                                                                                                                                                                                                    • Instruction ID: 277d14163b7154d2446840afd909980acc268cb600b193bf0b478604fa5eb08a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18d4894c5420998ae419c3123059596a425bafcd4b4b2bf51d8c0f758b45adc3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22D19D71604315AFDB14CF68CC84A6BBBA9FF88350F01852DF959CB251DB70E905CB96
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00861A0E,00000001,00000001,?,009F4C28), ref: 008A4FB6
                                                                                                                                                                                                    • CreateEnvironmentBlock.USERENV(00000000,?,00000000,?), ref: 008A517C
                                                                                                                                                                                                    • CreateProcessAsUserW.ADVAPI32(?,00000000,FFFFFFFF,00000000,00000000,?,00000000,00000000,00000000,?,?,00000000,?,00000000,?), ref: 008A51BD
                                                                                                                                                                                                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 008A51C9
                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?), ref: 008A524D
                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?), ref: 008A5330
                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,FFFFFFFF,00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 008A5376
                                                                                                                                                                                                    • AssignProcessToJobObject.KERNEL32(?,00000000), ref: 008A53BE
                                                                                                                                                                                                    • AllowSetForegroundWindow.USER32(00000000), ref: 008A53DB
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?), ref: 008A53EC
                                                                                                                                                                                                      • Part of subcall function 008A6240: GetLastError.KERNEL32(?,009F4CF8,?,?,008A648D,00000000,?,?,?,008AB3EC), ref: 008A6255
                                                                                                                                                                                                      • Part of subcall function 008A6240: SetLastError.KERNEL32(00000000,?,?,008A648D,00000000,?,?,?,008AB3EC), ref: 008A628C
                                                                                                                                                                                                      • Part of subcall function 008A6240: GetCurrentProcess.KERNEL32(?,009F4CF8,?,?,008A648D,00000000,?,?,?,008AB3EC), ref: 008A6296
                                                                                                                                                                                                      • Part of subcall function 008A65B0: GetCurrentProcess.KERNEL32(5D5B5F5E,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A65CE
                                                                                                                                                                                                      • Part of subcall function 008A65B0: TerminateProcess.KERNEL32(FF355567,^_[],5D5B5F5E,?), ref: 008A65DA
                                                                                                                                                                                                      • Part of subcall function 008A65B0: GetCurrentProcess.KERNEL32 ref: 008A65F0
                                                                                                                                                                                                      • Part of subcall function 008A65B0: WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 008A6642
                                                                                                                                                                                                      • Part of subcall function 008A65B0: GetCurrentProcess.KERNEL32 ref: 008A664E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$CurrentEnvironment$CreateObject$BlockErrorLastSingleStringsWait$AllowAssignDestroyForegroundFreeHandleInformationTerminateUserWindow
                                                                                                                                                                                                    • String ID: ../../base/process/launch_win.cc$LaunchProcess
                                                                                                                                                                                                    • API String ID: 4109405000-1974568409
                                                                                                                                                                                                    • Opcode ID: 4e8927dea11f9d594780637abac0c60cf86564b435de6f9e9dc96bbb3a1e7c4f
                                                                                                                                                                                                    • Instruction ID: 568d8f7ebf696dc256767b676a658ce575789ffb390b1f288374ed8417a4cb3a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e8927dea11f9d594780637abac0c60cf86564b435de6f9e9dc96bbb3a1e7c4f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04F18E715087819BEB20DF24C885B6BBBE1FFC6314F144A1DF49587691DBB0E988CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008AA709
                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 008AA70C
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008AA716
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000002), ref: 008AA71B
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008AA782
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008AA790
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?), ref: 008AA79B
                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008AA7B2
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008AA87E
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008AA8A5
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008AA8B7
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008AA8E1
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008AA8FF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_footerInit_thread_header$Frequency
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 521408450-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • %s: option `%s' is ambiguous (could be `--%s' or `--%s'), xrefs: 00933B35
                                                                                                                                                                                                    • -%c', xrefs: 00933BDA
                                                                                                                                                                                                    • --%s', xrefs: 00933BA6
                                                                                                                                                                                                    • POSIXLY_CORRECT, xrefs: 0093369B
                                                                                                                                                                                                    • %s: invalid option -- `-%c', xrefs: 009339A1
                                                                                                                                                                                                    • %s: argument required for option `, xrefs: 00933B80
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ___from_strstr_to_strchr_strlen
                                                                                                                                                                                                    • String ID: %s: argument required for option `$%s: invalid option -- `-%c'$%s: option `%s' is ambiguous (could be `--%s' or `--%s')$-%c'$--%s'$POSIXLY_CORRECT
                                                                                                                                                                                                    • API String ID: 1576176021-3002513585
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00843696: _strlen.LIBCMT ref: 008436AD
                                                                                                                                                                                                    • K32GetProcessMemoryInfo.KERNEL32(00000000,?,0000002C), ref: 0090130C
                                                                                                                                                                                                    • K32GetPerformanceInfo.KERNEL32(?,00000038), ref: 009014E2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Info$MemoryPerformanceProcess_strlen
                                                                                                                                                                                                    • String ID: Win32$^_[]$cana$channel$plat$prod$ptype$ver
                                                                                                                                                                                                    • API String ID: 4159616963-1260709952
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,009370A0,00000000,00000000,00000000), ref: 00936E01
                                                                                                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00936ECE
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 00936EE3
                                                                                                                                                                                                      • Part of subcall function 008FCB18: GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 008FCB49
                                                                                                                                                                                                      • Part of subcall function 008FCB18: CreateNamedPipeW.KERNELBASE ref: 008FCBA4
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00936F30
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?), ref: 00936FC6
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00936FD3
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00937051
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc, xrefs: 00936E38, 00936E6B
                                                                                                                                                                                                    • CreateNamedPipe, xrefs: 00936E86
                                                                                                                                                                                                    • CreateThread, xrefs: 00936E4F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCreateRelease$CompletionNamedObjectPipeQueuedSingleStatusThreadVersionWait
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc$CreateNamedPipe$CreateThread
                                                                                                                                                                                                    • API String ID: 995286921-1199881885
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 008DE230: TryAcquireSRWLockExclusive.KERNEL32(00000000,008BE527,?,?,?,008A6B03,008BE527,?,?,008BE527,?), ref: 008DE251
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008A6B50
                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(008BE527,?,?,008BE527,?), ref: 008A6B6B
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 008A6B7D
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008A6BA4
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Kernel32.dll,008BE527,?,?,008BE527,?), ref: 008A6BBE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 008A6BCA
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008A6BDA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentThread$AcquireAddressDebuggerExclusiveHandleInit_thread_footerInit_thread_headerLockModulePresentProc
                                                                                                                                                                                                    • String ID: Kernel32.dll$SetThreadDescription
                                                                                                                                                                                                    • API String ID: 4238099923-1724334159
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,00000000,?,?), ref: 008A91E4
                                                                                                                                                                                                    • FindClose.KERNEL32(?,?,?), ref: 008A91F8
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 008A9342
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(FFFFFFFF,FFFFFFFF,?,?,?,00000001,?,?), ref: 008A9420
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFind$AttributesCloseErrorLastNext
                                                                                                                                                                                                    • String ID: ../../base/files/file_enumerator_win.cc$Next
                                                                                                                                                                                                    • API String ID: 2898002969-3065876524
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,?,?,?,?,00000000), ref: 00862814
                                                                                                                                                                                                    • DeviceIoControl.KERNEL32 ref: 0086285D
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00862869
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • \\.\%lc:, xrefs: 0086279B
                                                                                                                                                                                                    • ../../opera/desktop/windows/os_operations/os_operations_impl.cc, xrefs: 008627CE
                                                                                                                                                                                                    • IsValid, xrefs: 008627D3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ControlCreateDeviceErrorFileLast
                                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/os_operations/os_operations_impl.cc$IsValid$\\.\%lc:
                                                                                                                                                                                                    • API String ID: 1247001307-2475376787
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 0086053C
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000020,?,?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 00860546
                                                                                                                                                                                                      • Part of subcall function 00851B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,008512C9,00000000), ref: 00851BAB
                                                                                                                                                                                                      • Part of subcall function 00851B9C: SetLastError.KERNEL32(00000000,?,008512C9,00000000), ref: 00851BCA
                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00860577
                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 008605A9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 008605B3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2332101959-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(008BFE4E,?,?,?,?,?,?,?,?,00000000,?,?,?,008BFE4E,?), ref: 008BC3EA
                                                                                                                                                                                                      • Part of subcall function 008FC8A4: CreateFileW.KERNELBASE ref: 008FC8EF
                                                                                                                                                                                                      • Part of subcall function 008FC8A4: GetLastError.KERNEL32 ref: 008FC8F6
                                                                                                                                                                                                      • Part of subcall function 008FC8A4: WaitNamedPipeW.KERNEL32(?,000000FF), ref: 008FC914
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(008BC770,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 008BC440
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateCurrentErrorExceptionFileFilterLastNamedPipeProcessUnhandledWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4079065440-0
                                                                                                                                                                                                    • Opcode ID: e5b8e71ebc1b0fd008302081dad193883e2db662122ab6ea16696b528feb7f31
                                                                                                                                                                                                    • Instruction ID: e0186dcfd6a85cf84f2737c7f9450af64b6ee0f8cf13f3827260aec06bcda83a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5b8e71ebc1b0fd008302081dad193883e2db662122ab6ea16696b528feb7f31
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4921B8F15143049FDB00AF19DC8696ABBE4FF84310B00816AF8198B362D7719914DFA3
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,?,?,0098FD35,?,?,?,?,?,?,-00000004,00000000), ref: 0098F896
                                                                                                                                                                                                      • Part of subcall function 0099D586: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00996DC8,?,00000000,00000000), ref: 0099D632
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharInformationMultiTimeWideZone
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1123094072-0
                                                                                                                                                                                                    • Opcode ID: 1198d2fc65b83fafa8868d2f7f06ce44bf6330f721dd7e7632d77e8fba05a1a8
                                                                                                                                                                                                    • Instruction ID: 0a34807a0738128c033d08c41d9b76b06f8b1980b220a1b9129a09ef57d4a603
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1198d2fc65b83fafa8868d2f7f06ce44bf6330f721dd7e7632d77e8fba05a1a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C41D672901214BBDB10BFA5DC06B6E7FBCEF44360F118066FA19AB2A1E7309D50DB94
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 59157d7a3e04e4bca9250d6b8505b587c627c42d0fc274febe3a00804225cc96
                                                                                                                                                                                                    • Instruction ID: 8b92bc99f64c42ac51069bdadcf8fbb9baf16a9bf28f6a5e6b9a7a7e2630bdb5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59157d7a3e04e4bca9250d6b8505b587c627c42d0fc274febe3a00804225cc96
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAE08C32911228EBCB14DBDEC948A8AF3ECEB89B40B11009AF501D3100C270DE00C7D0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: Invalid app id type$No all users information$No copy only information$No install path information$No version information$Subfolder not a string$The root is not a dictionary$_all_users$_subfolder$app_id$app_id$copy_only$files$path$product$root_files$version
                                                                                                                                                                                                    • API String ID: 4218353326-1502408593
                                                                                                                                                                                                    • Opcode ID: 0a5eb01742fba6101e59f331d803cba55d98e506c2efc2b4d0aa02e807611d92
                                                                                                                                                                                                    • Instruction ID: b41aad9749f4fbdbd97c4ac89ec6d65be2720a879ab21acedb1c3902f7d01dcc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a5eb01742fba6101e59f331d803cba55d98e506c2efc2b4d0aa02e807611d92
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7C16DB1608310ABDB11AB14D841A6F7BA5FFD6795F044818FC89AB352D631AE0AC793
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 008A24E0: GetFileAttributesW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A2551
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000), ref: 00855429
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00855444
                                                                                                                                                                                                      • Part of subcall function 008A2320: GetFileAttributesW.KERNELBASE(FFFFFFFF,?,00000000), ref: 008A2391
                                                                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000), ref: 008555EC
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 008555F9
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000000), ref: 00855612
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Attributes$Copy
                                                                                                                                                                                                    • String ID: does not exist.$ to $../../opera/desktop/windows/installer/transactions/copy_file_operation.cc$Cannot create a folder to place the file in.$Cannot delete the already existing file to make room for the copied file.$Copying $Could not CopyFile because of an error: $Could not clear the RO attribute of file$Could not get file attributes on destination because of an error: $Couldn't clear RO attribute of $File copied successfully$File copy failed $One of the paths is too long.$One of the paths references parent.$The source file
                                                                                                                                                                                                    • API String ID: 1180250742-1397660437
                                                                                                                                                                                                    • Opcode ID: 054ad24104c01f4ede601e0f8d86c36f709c7c9c94bbac02e84e7573dd7201d1
                                                                                                                                                                                                    • Instruction ID: faef988dc071fad2b2d62dca2925027ad604eda0589516e8e8321e1f604fe6fa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 054ad24104c01f4ede601e0f8d86c36f709c7c9c94bbac02e84e7573dd7201d1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6F1F671600B009FDB24EF64C895F66B7E5FF95305F04452CE88ADB692EB70E948CB52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: $(Arg0)$../../opera/desktop/windows/assistant/installer/assistant_installer.cc$Autoupdate $Could not create scheduled task$Could not initialize task scheduler$Creating scheduled task$Finalizing the installation$Keeps Opera Browser Assistant up to date$Setting autoupdate task error counter to : $assistant$au_task_error_count$component-name$component-path$installer_prefs.json$launcher.exe$scheduledautoupdate
                                                                                                                                                                                                    • API String ID: 4218353326-2181512856
                                                                                                                                                                                                    • Opcode ID: 16032d9a82227ba1992c4598f30225df42fe539637c241ddef8a261e7a4c1a79
                                                                                                                                                                                                    • Instruction ID: 45d4cbf3f70d895e17aed21ba7f8fdbbb2062ba8e281868f980c2b8c6001198f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16032d9a82227ba1992c4598f30225df42fe539637c241ddef8a261e7a4c1a79
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4F1D5716007059FDB20EB74C846BABB7A6FFC5714F04492CF49AD7292EB70AA05C792
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoTaskMemAlloc.OLE32(000003E8), ref: 0085B7AD
                                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 0085B8EF
                                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 0085B918
                                                                                                                                                                                                    • CoTaskMemFree.OLE32(FFFFFFFF), ref: 0085BA8D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharNextTask$AllocFree
                                                                                                                                                                                                    • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                                    • API String ID: 1038441216-1142484189
                                                                                                                                                                                                    • Opcode ID: cda5b62d06d0ba40b0c1b9f006f8f999a78eb18c5ee7af227f363f9b30b06fbd
                                                                                                                                                                                                    • Instruction ID: ec8dcbd74977217824834534965113914705dad2d78b53f7c843657dc164107e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cda5b62d06d0ba40b0c1b9f006f8f999a78eb18c5ee7af227f363f9b30b06fbd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38A1CE719183529FD7109F68C880B2AB7E8FFA8355F144929FC85D7250E774DD48CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: HKCU$Registry value is not a dictionary$clean$data$name$path$type$values$wow6432
                                                                                                                                                                                                    • API String ID: 4218353326-3483028338
                                                                                                                                                                                                    • Opcode ID: 7115b2d8b5c9eda7494ed92ab8e1f92074cb118dbf1cde171da58e5be40d91a4
                                                                                                                                                                                                    • Instruction ID: 60ddc971b502c75989f813e3edb2a231c4064e0941a179c9d1620d8ef4d35003
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7115b2d8b5c9eda7494ed92ab8e1f92074cb118dbf1cde171da58e5be40d91a4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36A16BB16083409BDB10EF58C88096EB7E9FFD5318F04892DF9959B351DB70E989CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008676E7
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00867722
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00867745
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00867766
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00867795
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008677B5
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008677D5
                                                                                                                                                                                                      • Part of subcall function 008678A8: _strlen.LIBCMT ref: 00867903
                                                                                                                                                                                                      • Part of subcall function 0086792A: _strlen.LIBCMT ref: 008679A6
                                                                                                                                                                                                      • Part of subcall function 0086792A: _strlen.LIBCMT ref: 00867A03
                                                                                                                                                                                                      • Part of subcall function 0086792A: _strlen.LIBCMT ref: 00867A30
                                                                                                                                                                                                      • Part of subcall function 00867A56: _strlen.LIBCMT ref: 00867ACB
                                                                                                                                                                                                      • Part of subcall function 00867A56: _strlen.LIBCMT ref: 00867B06
                                                                                                                                                                                                      • Part of subcall function 00867A56: _strlen.LIBCMT ref: 00867B40
                                                                                                                                                                                                      • Part of subcall function 00867A56: _strlen.LIBCMT ref: 00867B6B
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00867C1E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: _all_users$_subfolder$app_id$components$copy_only$path$product$version
                                                                                                                                                                                                    • API String ID: 4218353326-1886481470
                                                                                                                                                                                                    • Opcode ID: 5ce8117f2834a70cc74e26ed4343c0ed246660eb9172cc8cbb58d6265a7f5f90
                                                                                                                                                                                                    • Instruction ID: c1882c5dae331609961b3f4b15084c407be18b202ee7d444d9652026d129511a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ce8117f2834a70cc74e26ed4343c0ed246660eb9172cc8cbb58d6265a7f5f90
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0951A1B1A042256BDF50EB68DC85AAF7BA9FB45318B094464FC59EB302D630ED04C7E1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00884730: _strlen.LIBCMT ref: 00884751
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0084140A
                                                                                                                                                                                                      • Part of subcall function 008812A0: _strlen.LIBCMT ref: 008812D0
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0084146A
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00841540
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: allusers$autoupdate$copyonly$installer$installfolder$internal-version$post-elevated-install-tasks$run-assistant$stream$uninstall$version
                                                                                                                                                                                                    • API String ID: 4218353326-966510985
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0085AC60: InitializeCriticalSectionEx.KERNEL32(-0000000C,00000000,00000000,00000000,?,0085A9BB,?,0085A76B,?), ref: 0085AC69
                                                                                                                                                                                                      • Part of subcall function 0085AC60: GetLastError.KERNEL32(?,0085A9BB,?,0085A76B,?), ref: 0085AC73
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085AEBE
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?), ref: 0085AED4
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00840000,?,00000104), ref: 0085AF1E
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0085AFAB
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085AFBA
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085B05B
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module,?), ref: 0085B073
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085B081
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module_Raw,?), ref: 0085B0A0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Enter$Leave$Module$ErrorFileHandleInitializeLastName
                                                                                                                                                                                                    • String ID: "$MZx$Module$Module_Raw$REGISTRY
                                                                                                                                                                                                    • API String ID: 2998937331-1297953865
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(008CD42A,?,?,00000000,?,?,?,00000000), ref: 008A17D9
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(008CD42A,00000000,?,?,?,00000000), ref: 008A1800
                                                                                                                                                                                                    • DeleteFileW.KERNEL32(008CD42A,?,?,?,00000000), ref: 008A181A
                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(008CD42A), ref: 008A1875
                                                                                                                                                                                                      • Part of subcall function 008A3870: SetFileAttributesW.KERNEL32(FFFFFFFF,?,?,?,?,?,?,?,?), ref: 008A398A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 008A1884
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(008CD42A,?,00000000,?,?,?,00000000), ref: 008A18B9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 008A18E7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Attributes$ErrorLast$DeleteDirectoryRemove
                                                                                                                                                                                                    • String ID: *$../../base/files/file_util_win.cc$DeleteFile.NonRecursive$DeleteFile.Recursive$DeleteFileAndRecordMetrics$DoDeleteFile
                                                                                                                                                                                                    • API String ID: 1056033459-924194139
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0085AC60: InitializeCriticalSectionEx.KERNEL32(-0000000C,00000000,00000000,00000000,?,0085A9BB,?,0085A76B,?), ref: 0085AC69
                                                                                                                                                                                                      • Part of subcall function 0085AC60: GetLastError.KERNEL32(?,0085A9BB,?,0085A76B,?), ref: 0085AC73
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085D12C
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?), ref: 0085D142
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00840000,?,00000104), ref: 0085D188
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0085D230
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085D23F
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085D2E0
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module,?), ref: 0085D2F8
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0085D306
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module_Raw,?), ref: 0085D325
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Enter$Leave$Module$ErrorFileHandleInitializeLastName
                                                                                                                                                                                                    • String ID: "$Module$Module_Raw$REGISTRY
                                                                                                                                                                                                    • API String ID: 2998937331-3881418485
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00844CC2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                    • String ID: " | FIND /c /i ".exe"$:again$IF %PID_RUNNING%==TRUE ($IF %PID_RUNNING%==TRUE GOTO :again$IF ERRORLEVEL 1 SET PID_RUNNING=FALSE$SET PID_RUNNING=TRUE$TASKLIST /FI "PID eq $del "$del %0 & rmdir "$k.bat$ping -n 2 127.0.0.1
                                                                                                                                                                                                    • API String ID: 2050909247-752602931
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(5D5B5F5E,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A65CE
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(FF355567,^_[],5D5B5F5E,?), ref: 008A65DA
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A65F0
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00850FA3,00000000), ref: 008A65F8
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00850FA3,00000000), ref: 008A6604
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A6614
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A6632
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 008A6642
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A664E
                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 008A667D
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A6690
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
                                                                                                                                                                                                    • String ID: ^_[]
                                                                                                                                                                                                    • API String ID: 2432511979-568551382
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(009F50D8,?,00000008,009F50F4,?,008DC05F,00000010,?,?), ref: 008DB399
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(009F50D8), ref: 008DB59D
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(009F50D8,?,?,00000008,009F50F4,?,008DC05F,00000010,?,?), ref: 008DB5FC
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008DB6A9
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008DB6CD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • MonitorNextJankWindowIfNecessary, xrefs: 008DB661
                                                                                                                                                                                                    • ../../base/threading/scoped_blocking_call_internal.cc, xrefs: 008DB65C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$AcquireInit_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: ../../base/threading/scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary
                                                                                                                                                                                                    • API String ID: 1756964227-4084575106
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoCreateInstance.OLE32(009B61B4,00000000,00000017,009AD4A8,-00000020), ref: 00864EC8
                                                                                                                                                                                                    • CoAllowSetForegroundWindow.OLE32(?,00000000), ref: 00864EDF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • SystemSettings_DefaultApps_%ls, xrefs: 00864F63
                                                                                                                                                                                                    • http, xrefs: 00864F15
                                                                                                                                                                                                    • SettingsPageAppsDefaultsProtocolView, xrefs: 00864F76
                                                                                                                                                                                                    • Browser, xrefs: 00864F2B
                                                                                                                                                                                                    • Email, xrefs: 00864F5E
                                                                                                                                                                                                    • page=SettingsPageAppsDefaults, xrefs: 00864EEC
                                                                                                                                                                                                    • mailto, xrefs: 00864F48
                                                                                                                                                                                                    • windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel, xrefs: 00864EF1, 00864FAF
                                                                                                                                                                                                    • page=SettingsPageAppsDefaults&target=%ls, xrefs: 00864F92
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllowCreateForegroundInstanceWindow
                                                                                                                                                                                                    • String ID: Browser$Email$SettingsPageAppsDefaultsProtocolView$SystemSettings_DefaultApps_%ls$http$mailto$page=SettingsPageAppsDefaults$page=SettingsPageAppsDefaults&target=%ls$windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
                                                                                                                                                                                                    • API String ID: 14021637-918448973
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 009958DA
                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00995901
                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00995A0D
                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 00995A62
                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00995AE8
                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00995B6F
                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00995B8A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                    • API String ID: 4234981820-393685449
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008605FE
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0000000A,?), ref: 00860608
                                                                                                                                                                                                      • Part of subcall function 00851B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,008512C9,00000000), ref: 00851BAB
                                                                                                                                                                                                      • Part of subcall function 00851B9C: SetLastError.KERNEL32(00000000,?,008512C9,00000000), ref: 00851BCA
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,?), ref: 0086063A
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00860644
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00860654
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 00860670
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0086068C
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008606D9
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 00860721
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc, xrefs: 008606B4, 008606F9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Token$InformationLocalProcess$AllocCurrentFreeOpen
                                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0085BADE: CharNextW.USER32(?,00000000,75A7A7D0,?,00000000,?,80004005), ref: 0085BB07
                                                                                                                                                                                                      • Part of subcall function 0085BADE: CharNextW.USER32(?,00000000,75A7A7D0,?,00000000,?,80004005), ref: 0085BB1D
                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,009A8380,?,?,?,?), ref: 0085CBF1
                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,009A8384), ref: 0085CC01
                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,009A8388), ref: 0085CC11
                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,009A838C), ref: 0085CC21
                                                                                                                                                                                                    • CharNextW.USER32(?), ref: 0085CC86
                                                                                                                                                                                                    • CharNextW.USER32(?), ref: 0085CDC5
                                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 0085CDDC
                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,00000000,00000007,?,-00000002,-00000002), ref: 0085CE30
                                                                                                                                                                                                    • VarUI4FromStr.OLEAUT32(?,00000000,00000000,?), ref: 0085CE81
                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 0085CEAF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharNext$lstrcmpi$Value$From
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileInformationByHandleEx.KERNEL32(?,00000002,00000000,00000210,?), ref: 00936816
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00936986
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?), ref: 00936A52
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 00936A9C
                                                                                                                                                                                                    • PostQueuedCompletionStatus.KERNEL32(00006461,00000000,?,00000000,?,?), ref: 00936AAE
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?), ref: 00936AB5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc, xrefs: 00936840
                                                                                                                                                                                                    • GetFileInformationByHandleEx, xrefs: 0093684F
                                                                                                                                                                                                    • \\.\pipe, xrefs: 009368E3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease$CompletionFileHandleInformationPostQueuedStatus
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc$GetFileInformationByHandleEx$\\.\pipe
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32(?,?,?,?,?,?,?,?), ref: 00860C91
                                                                                                                                                                                                    • GetExplicitEntriesFromAclW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 00860CC2
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00860CE2
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00860CF0
                                                                                                                                                                                                    • EqualSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 00860DB3
                                                                                                                                                                                                    • EqualSid.ADVAPI32(FFFFFFFF,?,?,?,?,?,?,?,?,?,?), ref: 00860DF0
                                                                                                                                                                                                    • FreeSid.ADVAPI32(FFFFFFFF,?,?,?,?,?,?,?,?,?), ref: 00860E07
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?), ref: 00860E20
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc, xrefs: 00860D4C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$EqualLocal$EntriesExplicitFromInfoNamedSecurity
                                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc
                                                                                                                                                                                                    • API String ID: 3814160775-4103139186
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: No name in a registry key value$No type information on a registry key value$Registry value is not a dictionary$data$name$type
                                                                                                                                                                                                    • API String ID: 4218353326-1085468316
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 008A2E6C
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000050), ref: 008A2E8D
                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 008A2F54
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A2F64
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 008A2FDC
                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 008A300E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$AttributesFile$CreateDirectory
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$CreateDirectoryAndGetError$DirectoryExists
                                                                                                                                                                                                    • API String ID: 3677629684-252988939
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 009249A5
                                                                                                                                                                                                    • EventRegister.ADVAPI32(?,00924AA0,00000000,00000018,?,?,?,?,?,0092496A,Google.Chrome,009B8194,008E2FF0,00000000), ref: 00924A0E
                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,api-ms-win-eventing-provider-l1-1-0.dll,FFFFFFFF), ref: 00924A2C
                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,advapi32.dll,FFFFFFFF), ref: 00924A3E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(FFFFFFFF,EventSetInformation), ref: 00924A50
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(FFFFFFFF), ref: 00924A76
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • advapi32.dll, xrefs: 00924A37
                                                                                                                                                                                                    • api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00924A25
                                                                                                                                                                                                    • EventSetInformation, xrefs: 00924A48
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HandleModule$AddressEventFreeLibraryProcRegister_strlen
                                                                                                                                                                                                    • String ID: EventSetInformation$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
                                                                                                                                                                                                    • API String ID: 2182669159-147808218
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00843696: _strlen.LIBCMT ref: 008436AD
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008BE274
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 008BE345
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetUnhandledExceptionFilter), ref: 008BE355
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen$AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: /prefetch:7$SetUnhandledExceptionFilter$fallback-handler$kernel32.dll$test-child-process$type
                                                                                                                                                                                                    • API String ID: 3627888737-2824896278
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersion.KERNEL32 ref: 008FCDF1
                                                                                                                                                                                                    • InitializeCriticalSectionEx.KERNEL32(?,00000000,10000000), ref: 008FCE3F
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?), ref: 008FCE9A
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008FCEBE
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008FCEF1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • InitializeCriticalSectionEx, xrefs: 008FCE7D
                                                                                                                                                                                                    • ::InitializeCriticalSectionEx, xrefs: 008FCED5
                                                                                                                                                                                                    • kernel32.dll, xrefs: 008FCEDA
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/critical_section_with_debug_info.cc, xrefs: 008FCE6B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInitializeSection$Init_thread_footerInit_thread_headerVersion
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/critical_section_with_debug_info.cc$::InitializeCriticalSectionEx$InitializeCriticalSectionEx$kernel32.dll
                                                                                                                                                                                                    • API String ID: 668362183-4281794248
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(00000001), ref: 008BC795
                                                                                                                                                                                                    • SleepEx.KERNEL32(000000FF,00000000), ref: 008BC7F8
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 008BC7FE
                                                                                                                                                                                                    • SetEvent.KERNEL32 ref: 008BC81F
                                                                                                                                                                                                    • Sleep.KERNEL32(0000EA60), ref: 008BC82A
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(../../third_party/crashpad/crashpad/client/crashpad_client_win.cc,000000AF,00000002), ref: 008BC874
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • crash server failed to launch, self-terminating, xrefs: 008BC7D8
                                                                                                                                                                                                    • crash server did not respond, self-terminating, xrefs: 008BC85F
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc, xrefs: 008BC7C6, 008BC84D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep$Current$EventProcessThread
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$crash server did not respond, self-terminating$crash server failed to launch, self-terminating
                                                                                                                                                                                                    • API String ID: 1277712822-2636089577
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A7059
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008A705D
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A7065
                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000000,00000002), ref: 008A7074
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A7087
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A70A6
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 008A70B3
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 008A70E0
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008A70EF
                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 008A70F6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Current$Thread$ErrorLastProcess$DuplicateHandlePriority
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1544239892-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNEL32(FFFFFFFF,FFFFFFFF,FFFFFFFF,00000000,00000000,FFFFFFFF,00000000,?,00000000), ref: 008A4893
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A48A1
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A48D8
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A48E8
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000057,?,00000000), ref: 008A48FE
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A492F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$CreateFile
                                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$DoInitialize
                                                                                                                                                                                                    • API String ID: 1722934493-2688016777
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MoveFileExW.KERNEL32(008567D1,?,00000003,?,00000000), ref: 008A3706
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A3716
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(008567D1,?,00000000), ref: 008A3782
                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 008A3839
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLast$AttributesMove
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$CopyAndDeleteDirectory$DirectoryExists$MoveUnsafe
                                                                                                                                                                                                    • API String ID: 3621388860-3041496909
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,0085C6CA,?), ref: 0085CFE0
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 0085CFF0
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,0085C6CA,?), ref: 0085D013
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0085D023
                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 0085D05C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc$Delete
                                                                                                                                                                                                    • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                                                                                                                                                                    • API String ID: 2668475584-1053001802
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00842504,00842506,00000000,00000000,FF355567,00000000,?,00000000,Function_0013BD70,009EE718,000000FE,?,00842504,WQL), ref: 009792B9
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00842504,?,00000000,00000000), ref: 00979334
                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 0097933F
                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00979368
                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00979372
                                                                                                                                                                                                    • GetLastError.KERNEL32(80070057,FF355567,00000000,?,00000000,Function_0013BD70,009EE718,000000FE,?,00842504,WQL), ref: 00979377
                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 0097938A
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,?,?,?,SELECT * FROM Win32_Process WHERE ExecutablePath = '), ref: 009793A0
                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 009793B3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1353541977-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(api-ms-win-downlevel-shell32-l1-1-0.dll,00000000,00000800,?,?,?,?,?,?,?,?,00000000,04B32D48), ref: 00884072
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CommandLineToArgvW), ref: 00884085
                                                                                                                                                                                                    • CommandLineToArgvW.SHELL32(?,00000000,?,?,?,?,?,?,?,?,00000000,04B32D48), ref: 0088409F
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?), ref: 008841C7
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 008841D5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • api-ms-win-downlevel-shell32-l1-1-0.dll, xrefs: 0088406D
                                                                                                                                                                                                    • CommandLineToArgvW, xrefs: 0088407F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLibrary$AddressArgvCommandLineLoadLocalProc
                                                                                                                                                                                                    • String ID: CommandLineToArgvW$api-ms-win-downlevel-shell32-l1-1-0.dll
                                                                                                                                                                                                    • API String ID: 787947344-3353834106
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strncpy.LIBCMT ref: 0084E6F1
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0084E738
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0084E7B7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen_strncpy
                                                                                                                                                                                                    • String ID: %s%s %s$%s:%s$[%03u.%03u] $[printf format error]
                                                                                                                                                                                                    • API String ID: 3471477319-1858063255
                                                                                                                                                                                                    • Opcode ID: 72159cc25b71335c204592d99e1784564155c354ceb1135d4e92d9598f8234ec
                                                                                                                                                                                                    • Instruction ID: b0e58df6b91892026e86a53606851d73148cddb1a897f7e8f3ea80635cdb87c6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72159cc25b71335c204592d99e1784564155c354ceb1135d4e92d9598f8234ec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6951E7B2A003446BE714AF289C42F6BB7ADFFD5310F054539F849D7292EA71D914C6A2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Pointer
                                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::SetLength$SetLength
                                                                                                                                                                                                    • API String ID: 1339342385-2248197467
                                                                                                                                                                                                    • Opcode ID: 29060e7050db18f942237531d6f981eb62bded11f8cc2adae95c8a582c5a8391
                                                                                                                                                                                                    • Instruction ID: 55d8386adea40e71738f7d2a3114da402b399e424d32ccbf9b94dc874c69baa7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29060e7050db18f942237531d6f981eb62bded11f8cc2adae95c8a582c5a8391
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D4149715183419BD710EF28C885A5BBBE4FFC9724F108B1DF4E496291E7B0D904CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetThreadId.KERNEL32(?), ref: 008A6E4A
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A6E60
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 008A6F00
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 008A6F0D
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 008A6F46
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/threading/platform_thread_win.cc, xrefs: 008A6EDC
                                                                                                                                                                                                    • Join, xrefs: 008A6EE1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle$ErrorLastObjectSingleThreadWait
                                                                                                                                                                                                    • String ID: ../../base/threading/platform_thread_win.cc$Join
                                                                                                                                                                                                    • API String ID: 2286813250-821740204
                                                                                                                                                                                                    • Opcode ID: 116d38cf66309a1b7d32865b40a55ef7494896ef0518f268383c92080cfaada9
                                                                                                                                                                                                    • Instruction ID: 7d2b2ab15d39998a44a20008d922384e0cc9a75aa5b507a96cf86c27a8f8953a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 116d38cf66309a1b7d32865b40a55ef7494896ef0518f268383c92080cfaada9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5021A2714183859BC700EFA8DC4599EBBA8FFC5360F104B1DF9A5861E0EB709604CB83
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 008A3330
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A3341
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A3357
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 008A3370
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A339B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$File$CreateWrite
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$WriteFile
                                                                                                                                                                                                    • API String ID: 148983963-2054578350
                                                                                                                                                                                                    • Opcode ID: 95c509914750346c3b5692a11364221252e8659aeb0cac43655d056231aaba68
                                                                                                                                                                                                    • Instruction ID: 9ff9ac64a2d77153fcbc13d6264b5d2eb63426e62348b155336f8d118ee6b1a8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95c509914750346c3b5692a11364221252e8659aeb0cac43655d056231aaba68
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A31D5729183819BD710AF28DC8566EB7A8FFC6734F10071CF9A0972E1DB70A9448793
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00843FCC,?,00000000), ref: 008A2430
                                                                                                                                                                                                    • CreateFileW.KERNEL32(00843FCC,00843FCC,00000007,00000000,00000003,02000000,00000000), ref: 008A2459
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-7FFFFFFF), ref: 008A2465
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A2478
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A2491
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 008A2408
                                                                                                                                                                                                    • PathHasAccess, xrefs: 008A240D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$File$AttributesCreate
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$PathHasAccess
                                                                                                                                                                                                    • API String ID: 3969751566-2396493888
                                                                                                                                                                                                    • Opcode ID: 316b6e0fe0a432e769116f6d33012e937751fa361bd9a69fe2f164cf31b943c3
                                                                                                                                                                                                    • Instruction ID: 9a3a3406ad20e02ef39e068aec858eeeed091aa98b7c03a9db1975db272940a5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 316b6e0fe0a432e769116f6d33012e937751fa361bd9a69fe2f164cf31b943c3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A2129715043806BE7206B3C8C86B6A7765FFC6734F10071CF5A5A61E1EB64A8058787
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008A848D
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0088A24E,00000004,?), ref: 008A84AF
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 008A84BB
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008A84CE
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008A84F9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressCurrentHandleInit_thread_footerInit_thread_headerModuleProcProcess
                                                                                                                                                                                                    • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                                                    • API String ID: 3099737979-1680159014
                                                                                                                                                                                                    • Opcode ID: 18e68c4073fa6d24d026211838affc95ec73043ea839132b76e1e4100636294e
                                                                                                                                                                                                    • Instruction ID: 623955cc31afd27b7f4138d9b1818fed2f99dfbd5dc8986fa98a2bff674c86d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18e68c4073fa6d24d026211838affc95ec73043ea839132b76e1e4100636294e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D11CC31B96205CFE7109B78ED56BFA3764FB0A324F244028E985C72A0CF316800DBB2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FreeSid.ADVAPI32(00000000), ref: 008610A2
                                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32(00000001,?,?,00000000), ref: 008610BD
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 008610D1
                                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32 ref: 00861133
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 00861189
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 008611B1
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000004,?,?,00860DE5), ref: 0086122C
                                                                                                                                                                                                      • Part of subcall function 00861273: AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000004,?,?,00860DA3), ref: 008612C3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$AllocateInitializeLocal$EntriesInfoNamedSecurity
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1499235685-0
                                                                                                                                                                                                    • Opcode ID: 62e6a7e60f270dfa2e587d70820ce401b58d6782697ee8a09e3fc136c4d1f9bf
                                                                                                                                                                                                    • Instruction ID: 69d6c235361164d536c0be7369d8ac98afffb8cfd06a6219dcd233798c54108a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62e6a7e60f270dfa2e587d70820ce401b58d6782697ee8a09e3fc136c4d1f9bf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9B18C71A083418FCB10DF68D98462FFBE5FF89714F068A2DE985D7291DB71A944CB82
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 008600FC
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0000000A,?), ref: 00860106
                                                                                                                                                                                                      • Part of subcall function 00851B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,008512C9,00000000), ref: 00851BAB
                                                                                                                                                                                                      • Part of subcall function 00851B9C: SetLastError.KERNEL32(00000000,?,008512C9,00000000), ref: 00851BCA
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,?,?), ref: 0086014E
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?), ref: 00860174
                                                                                                                                                                                                    • DuplicateToken.ADVAPI32(?,00000001,?,?), ref: 00860193
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32 ref: 008601F1
                                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(?,?,?), ref: 00860208
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 0086021C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Token$ErrorInformationLastProcess$AllocateCheckCurrentDuplicateFreeInitializeMembershipOpen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3176607045-0
                                                                                                                                                                                                    • Opcode ID: fa0f84520646737da51a329e2952e0cba7277a557f0febc704240ff1653de517
                                                                                                                                                                                                    • Instruction ID: 7f7ca21172c5b7b3173edbd989960bc8970bc3ff17039a48e57b29ce8b6fa1a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa0f84520646737da51a329e2952e0cba7277a557f0febc704240ff1653de517
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC41AA719103099FDF119FA4CC88AEEBBB4FF49320F104129E911F62A0EB31A985DF25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00864AE8
                                                                                                                                                                                                    • FindWindowExW.USER32(00000000,00000000,ApplicationFrameWindow,00000000), ref: 00864AF6
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00864BB5
                                                                                                                                                                                                    • FindWindowExW.USER32(00000000,?,ApplicationFrameWindow,00000000), ref: 00864BC4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$DesktopFind
                                                                                                                                                                                                    • String ID: ApplicationFrameWindow$http
                                                                                                                                                                                                    • API String ID: 2454690640-1697478608
                                                                                                                                                                                                    • Opcode ID: 2d841bef4d7c06b6c267eb95d13e7a8a126024f8c3a8fff79902db5e45f8dc56
                                                                                                                                                                                                    • Instruction ID: 7c46cd9df3589c0143f59a24afbdb627421637927239b34206b754ef20eddfee
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d841bef4d7c06b6c267eb95d13e7a8a126024f8c3a8fff79902db5e45f8dc56
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7881D7B1E013099FDB14EFA8D881AAEBBB5FF44310F154029E815E7351EB70AA05CBD2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00900B68
                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000451,00000001,00000000), ref: 00900B76
                                                                                                                                                                                                      • Part of subcall function 00851B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,008512C9,00000000), ref: 00851BAB
                                                                                                                                                                                                      • Part of subcall function 00851B9C: SetLastError.KERNEL32(00000000,?,008512C9,00000000), ref: 00851BCA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastProcess$CurrentOpen
                                                                                                                                                                                                    • String ID: --thread=$database$exception-pointers$process
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileMappingW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 008A4CCF
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A4CE2
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A4D1D
                                                                                                                                                                                                    • MapViewOfFile.KERNEL32(?,?,?,?,?), ref: 008A4DF9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • MapFileRegionToMemory, xrefs: 008A4C5A
                                                                                                                                                                                                    • ../../base/files/memory_mapped_file_win.cc, xrefs: 008A4C55
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLast$CreateMappingView
                                                                                                                                                                                                    • String ID: ../../base/files/memory_mapped_file_win.cc$MapFileRegionToMemory
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: has duplicate key $ requires KEY=VALUE$, discarding value $../../third_party/crashpad/crashpad/handler/handler_main.cc
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00100000,008A7020,00000000,00010000,00000000), ref: 008A6D0B
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?), ref: 008A6D22
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?), ref: 008A6D4E
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008A6DD2
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008A6DFC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • create_thread_last_error, xrefs: 008A6DE5
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCreateErrorHandleInit_thread_footerInit_thread_headerLastThread
                                                                                                                                                                                                    • String ID: create_thread_last_error
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000060), ref: 0085B461
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 0085B472
                                                                                                                                                                                                      • Part of subcall function 0085B14F: GetLastError.KERNEL32(?,0085B513), ref: 0085B152
                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,?,?), ref: 0085B489
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 0085B497
                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 0085B4A9
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,?,00000000,?,00000000,00000001), ref: 0085B4E1
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0085B516
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoadResource$ByteCharErrorFindFreeLastMultiSizeofWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventW.KERNEL32(?,?,?,?,008A7DF6,FF355567,FF355567), ref: 008A754E
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,008A7DF6,FF355567,FF355567), ref: 008A755B
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,008A7DF6,FF355567,FF355567), ref: 008A7598
                                                                                                                                                                                                      • Part of subcall function 008A8370: GetHandleVerifier.ASSISTANT_INSTALLER(?,?,008A631A,?,00000000,?,009F4CF8,?,?,?,?,008A648D,00000000), ref: 008A8377
                                                                                                                                                                                                    • RegNotifyChangeKeyValue.ADVAPI32(-0000000C,00000001,0000000F,?,00000001,008A7DF6,FF355567,FF355567), ref: 008A75D7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$ChangeCreateEventHandleNotifyValueVerifier
                                                                                                                                                                                                    • String ID: ../../base/win/registry.cc$StartWatching
                                                                                                                                                                                                    • API String ID: 2078779793-73839631
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileMappingW.KERNEL32 ref: 008A4B50
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 008A4B5D
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 008A4B9A
                                                                                                                                                                                                      • Part of subcall function 008A8370: GetHandleVerifier.ASSISTANT_INSTALLER(?,?,008A631A,?,00000000,?,009F4CF8,?,?,?,?,008A648D,00000000), ref: 008A8377
                                                                                                                                                                                                    • MapViewOfFile.KERNEL32 ref: 008A4BE1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • MapImageToMemory, xrefs: 008A4B08
                                                                                                                                                                                                    • ../../base/files/memory_mapped_file_win.cc, xrefs: 008A4B03
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLast$CreateHandleMappingVerifierView
                                                                                                                                                                                                    • String ID: ../../base/files/memory_mapped_file_win.cc$MapImageToMemory
                                                                                                                                                                                                    • API String ID: 1014098455-1841746395
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008A856A
                                                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 008A859C
                                                                                                                                                                                                    • GetProductInfo.KERNEL32(?,?,00000000,00000000,00000000), ref: 008A85BB
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008A8607
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008A8619
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?), ref: 008A8644
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008A8670
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInfoInit_thread_footerInit_thread_headerSection$EnterLeaveNativeProductSystemVersion
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2982442099-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32 ref: 008496E0
                                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32 ref: 00849740
                                                                                                                                                                                                    • BuildTrusteeWithSidW.ADVAPI32 ref: 00849778
                                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32 ref: 008497A0
                                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32 ref: 008497CC
                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 008497DC
                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 008497EC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeInfoLocalNamedSecurity$AllocateBuildEntriesInitializeTrusteeWith
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 617183956-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0084CC90: _strlen.LIBCMT ref: 0084CD83
                                                                                                                                                                                                      • Part of subcall function 0098D9B4: IsProcessorFeaturePresent.KERNEL32(00000017,00996F16,?,0098C03F,?,?,?,00000000,?,?,0084CEDF,?,?,?,0087EE62,?), ref: 0098D9D0
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 0084D098
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlCaptureStackBackTrace), ref: 0084D0A4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressFeatureHandleModulePresentProcProcessor_strlen
                                                                                                                                                                                                    • String ID: Bad variant access$RtlCaptureStackBackTrace$bad_variant_access.cc$ntdll.dll
                                                                                                                                                                                                    • API String ID: 1358637221-3051016021
                                                                                                                                                                                                    • Opcode ID: 896cb6292848bcb53c369c93b1cf4f85651cc381edd335f290a90cb5973d74a9
                                                                                                                                                                                                    • Instruction ID: 78feedca753e75f0e4c5682773670582778aaa80f548ede2be499fbb2bf5bf9b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 896cb6292848bcb53c369c93b1cf4f85651cc381edd335f290a90cb5973d74a9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64D05E21699308BBE20077ED6C4BE163B2CE796F0CF904421FA29956D3EDAA650057E3
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 009909EC
                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00990BD1
                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00990BEE
                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00990C36
                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00990C76
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00990D1E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1735259414-0
                                                                                                                                                                                                    • Opcode ID: fb9a51ede91f16e51da7de6361c4a350d7e9bb7f8d3978748827794dc09d8b7b
                                                                                                                                                                                                    • Instruction ID: bfd3d5611a2406699cc16aa45665641876e90dec54c99115d047b800683b755a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb9a51ede91f16e51da7de6361c4a350d7e9bb7f8d3978748827794dc09d8b7b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16C17E75D042599FCF15CFECC8809EDBBB9AF88314F28416AE865B7242D631AD42CB60
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 835da55e5d032241c192e57ce7b61eebd14919f54422be4a3bbf2ab66fe59c6b
                                                                                                                                                                                                    • Instruction ID: 8679b9cd2a3746f5bc934351a5a697dc9c671c6ac341728e124be11851f6ab95
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 835da55e5d032241c192e57ce7b61eebd14919f54422be4a3bbf2ab66fe59c6b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FC1DE70E09245AFDB19FF98D881BAEBBB4BF49314F14415AE411AB3D2C7349D42CB62
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00860305
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0000000A,?), ref: 0086030F
                                                                                                                                                                                                    • DuplicateToken.ADVAPI32(?,00000001,?,?), ref: 00860338
                                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32 ref: 00860387
                                                                                                                                                                                                    • AccessCheck.ADVAPI32(?,?,?,?,?,?,?,?), ref: 008603B5
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 008603EC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ProcessToken$AccessCheckCurrentDuplicateFreeInfoLocalNamedOpenSecurity
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1559206406-0
                                                                                                                                                                                                    • Opcode ID: 2c1164046235cde0a145168085bae058291d0ba4274aff3a98ef26d696739a44
                                                                                                                                                                                                    • Instruction ID: 175925ddfb62918884a0114b7f08e1e73f5a6a103002b06159c5a4d490c44cb5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c1164046235cde0a145168085bae058291d0ba4274aff3a98ef26d696739a44
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF419C71A083459FD700CF69D884A6BBBE5FF88354F018A2EF49597360EB71D949CB42
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(009F3F44,?,?,008CDA32,?), ref: 0089015D
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(009F3F44,FFFFFFFF,008CDA32), ref: 008901EF
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0089021D
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00890255
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00890267
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0089028B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalExclusiveInit_thread_footerInit_thread_headerLockSection$AcquireEnterLeaveRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 604925594-0
                                                                                                                                                                                                    • Opcode ID: 7053433a51d96a4a5eca6f5ba62ac0817082748046b8edc7c2370d498c06ca83
                                                                                                                                                                                                    • Instruction ID: e041a01616ae932fa753bf90f1b23729c1d05395003956eb34a7b2b69f0a1feb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7053433a51d96a4a5eca6f5ba62ac0817082748046b8edc7c2370d498c06ca83
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E41D2B1A142049FEB10EF58DC96A3AB3B0FB44714F248169E506DB390D735AA04DF52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008E249D
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008E24C6
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008E24D8
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008E2501
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008E2513
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008E253C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header$CriticalSection$EnterLeave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1029325649-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,00994F73,0097BED4,00000011), ref: 00994F8A
                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00994F98
                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00994FB1
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00995003
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008A6F58
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00020000), ref: 008A6F6A
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00010000), ref: 008A6F8C
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 008A6F92
                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 008A6F99
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,FFFFFFFE), ref: 008A6FAF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Thread$Priority$Current
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2519221174-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00000000,0000011C,?,?,008A85FC,0000011C,009F4C50,?), ref: 008A87A7
                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,00000000), ref: 008A87BB
                                                                                                                                                                                                      • Part of subcall function 008A7730: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,00000000), ref: 008A775F
                                                                                                                                                                                                      • Part of subcall function 008A7730: RegCloseKey.ADVAPI32(00000000), ref: 008A7772
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$CloseCurrentOpenWow64
                                                                                                                                                                                                    • String ID: ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                                                                                                    • API String ID: 108380400-4060060583
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(000000D0), ref: 008C82C6
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008C83F1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                    • String ID: ../../base/debug/activity_tracker.cc$RecordProcessExit$^_[]
                                                                                                                                                                                                    • API String ID: 17069307-2666811147
                                                                                                                                                                                                    • Opcode ID: 26db8ccd33c4a87cfd4bce78be8737fb7bc68c1124d5af1b9bfbe7c9a938a832
                                                                                                                                                                                                    • Instruction ID: fa4907dc483b89017ffaa4d939458c8c6a515635ecf386d53b2708999a226913
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26db8ccd33c4a87cfd4bce78be8737fb7bc68c1124d5af1b9bfbe7c9a938a832
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C8148B0600701DFDB24DF24C880B56BBF0FF59714F14856DE88A8B652DB71E849CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000,?,?,00000000), ref: 0088A40F
                                                                                                                                                                                                    • __fread_nolock.LIBCMT ref: 0088A48E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/files/file_util.cc, xrefs: 0088A3BE
                                                                                                                                                                                                    • ReadStreamToStringWithMaxSize, xrefs: 0088A3C3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileHandleInformation__fread_nolock
                                                                                                                                                                                                    • String ID: ../../base/files/file_util.cc$ReadStreamToStringWithMaxSize
                                                                                                                                                                                                    • API String ID: 860753551-4143436111
                                                                                                                                                                                                    • Opcode ID: 2c0f0d8a393b45c505e301fc06a63954ddf8c4e66778b1a5c38d938f0d71d15b
                                                                                                                                                                                                    • Instruction ID: 7edc7ea3264df18488b133ae0271ab2753328dd3dca919fbf50d07941759a3c2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c0f0d8a393b45c505e301fc06a63954ddf8c4e66778b1a5c38d938f0d71d15b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E361D271A043819BEB14EF28C84176BB7E5FFC5314F144A2DF8899B281E7B5D9498B83
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00989680,?,008F987A,?,?,00000028,?,?,?,?,00989680), ref: 00924E4B
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,008F987A,?,?,00000028,?,?,?,?,00989680), ref: 00924E69
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,008F987A,?,?,00000028,?,?,?,?,00989680), ref: 00924EBB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • AddDirectory, xrefs: 00924F0E
                                                                                                                                                                                                    • ../../base/files/important_file_writer_cleaner.cc, xrefs: 00924F09
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                    • String ID: ../../base/files/important_file_writer_cleaner.cc$AddDirectory
                                                                                                                                                                                                    • API String ID: 1021914862-215382998
                                                                                                                                                                                                    • Opcode ID: e7332fba99b195600580100407d028453e3359daad3bdd8d629263ef43d4389b
                                                                                                                                                                                                    • Instruction ID: 6c86a42beef242d57a71d1e0ba76db120c84b2206e44eb10e8d09be4ed669e41
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7332fba99b195600580100407d028453e3359daad3bdd8d629263ef43d4389b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1231E671E00224ABDB04EF64E985ABEBBA9FF84318F450118F4095B686D734AD14CBD2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00913059,00913059,FF355567,?,?,?,?,00913059,009BC218), ref: 0088D021
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,00913059,009BC218), ref: 0088D032
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,00913059,009BC218), ref: 0088D09A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/metrics/field_trial.cc, xrefs: 0088D0F5
                                                                                                                                                                                                    • NotifyFieldTrialGroupSelection, xrefs: 0088D0FA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                    • String ID: ../../base/metrics/field_trial.cc$NotifyFieldTrialGroupSelection
                                                                                                                                                                                                    • API String ID: 1021914862-2651062977
                                                                                                                                                                                                    • Opcode ID: 386e60697e696f60c4cbe8d6a2e51b3dc7b70b8ff67581c462d5672974fb072b
                                                                                                                                                                                                    • Instruction ID: c01c036795816c66467cf064bda34748980bce5d76aab21883a8e86b0a0bc2db
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 386e60697e696f60c4cbe8d6a2e51b3dc7b70b8ff67581c462d5672974fb072b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E31FFB1E04359AFDF24AB64DC85FAE7B78FF84304F040049E805AB292D775AD46C7A2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001200,00000000,0088CACF,00000000,?,00000100,00000000), ref: 0088C90B
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0088C929
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0088C991
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 0088C999
                                                                                                                                                                                                    • (0x%lX), xrefs: 0088C91A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFormatLastMessage_strlen
                                                                                                                                                                                                    • String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                                    • API String ID: 2706427827-3206765257
                                                                                                                                                                                                    • Opcode ID: 7da097b0e4550d911696c8e759a81c2a369666cf3ac42fe991dd7300e597e09c
                                                                                                                                                                                                    • Instruction ID: 499975f28d8f77ad35a131ef16de85ab8f6fda640241a50d2eaf505b9bc3df6b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7da097b0e4550d911696c8e759a81c2a369666cf3ac42fe991dd7300e597e09c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 554174B29187C19AE7219B14CC82B6BBBA4FFDE310F10471DF9C896551EBB09544C793
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CopyFileW.KERNEL32(?,?,?,?,009F4C24), ref: 008A3613
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 008A361E
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 008A3639
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Attributes$Copy
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$DoCopyFile
                                                                                                                                                                                                    • API String ID: 1180250742-495309063
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,009A4B83,009DC2C4,009DC2BC,00000000,00000011,?,009A4A1C,00000002,FlsGetValue,009DC2BC,009DC2C4,00000011), ref: 009A4B52
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                    • API String ID: 3664257935-2084034818
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeleteProcThreadAttributeList.KERNEL32(65443A3A,?,?,?,?,?,?,?,?,00000000,009F4F64,00000000), ref: 008BD010
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008BD026
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008BD055
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributeDeleteInit_thread_footerInit_thread_headerListProcThread
                                                                                                                                                                                                    • String ID: ::DeleteProcThreadAttributeList$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1729018061-2988736364
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4168288129-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,008BE527,?,?,?,008A6B03,008BE527,?,?,008BE527,?), ref: 008DE251
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AcquireExclusiveLock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4021432409-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001D), ref: 0089B469
                                                                                                                                                                                                      • Part of subcall function 008DC210: TlsAlloc.KERNEL32(?,0089B3FB,FFFFFFFF), ref: 008DC213
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(04B391F0), ref: 0089B51B
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(04B391F0), ref: 0089B553
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0089B571
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0089B5A0
                                                                                                                                                                                                      • Part of subcall function 008DC230: TlsFree.KERNEL32(0089B45A,?,0089B45A,?), ref: 008DC236
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireAllocFreeInit_thread_footerInit_thread_headerReleaseValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3486807680-0
                                                                                                                                                                                                    • Opcode ID: cd660a40301bb6f13e87ad954a8953ab4284bc95d62c6e6cda926ff45c9cc2df
                                                                                                                                                                                                    • Instruction ID: 5fb16a644fa8a3f31fbed1038ae5aa00fa9b7d1cc65a1d4ccb499cd5b5beeb05
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd660a40301bb6f13e87ad954a8953ab4284bc95d62c6e6cda926ff45c9cc2df
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0541C5B1A041189BCB20BB6CFC41AA933A4FF81320F048679E5A8973D1DB716945DF92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001D), ref: 0089B0A9
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(04B391F0), ref: 0089B138
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(04B391F0), ref: 0089B15A
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0089B20C
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0089B23F
                                                                                                                                                                                                      • Part of subcall function 008DC240: TlsSetValue.KERNEL32(FFFFFFFF,0089B49B,?,0089B49B,FFFFFFFF,?), ref: 008DC249
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLockValue$AcquireInit_thread_footerInit_thread_headerRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3909918647-0
                                                                                                                                                                                                    • Opcode ID: 60a981c0923e39c4f61768c516175f5b4dd7a6fde84b6f1b9f810a8970ccfe8e
                                                                                                                                                                                                    • Instruction ID: c43c081ad2248485782f2fa58d3d8481ab3f6c4d374b733a6f6d03c56264b67b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60a981c0923e39c4f61768c516175f5b4dd7a6fde84b6f1b9f810a8970ccfe8e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9414BB2B001089BDB24BB68FD96BBE3365FF84314F184538E909D7291DB716D45CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(FF355567,?,00000000,?,?), ref: 0085C9BE
                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 0085CA2E
                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?), ref: 0085CA79
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0085CA94
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 0085CAC5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseEnum$Open
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 956018044-0
                                                                                                                                                                                                    • Opcode ID: 0d1d5a8d41b5ac3fbab0eaa10309a11733032640165f18f9ce7f8c9eb40feddf
                                                                                                                                                                                                    • Instruction ID: 3b40f2db475ee6d4376490533ab5679182a34b0c72350c460a494fb555b61791
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d1d5a8d41b5ac3fbab0eaa10309a11733032640165f18f9ce7f8c9eb40feddf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A14131B594122CAFDB20DF65DC8CBEABBB8FF59350F104099E80997250D6709E85CF90
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001D,009F4E90,009F4CF8,00000000,?,0089B64C,?,?,?,008AB35C,00000000), ref: 0089B293
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(04B391F0,?,?,00000001,00000000), ref: 0089B2CA
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(04B391F0,?,?,00000001,00000000), ref: 0089B34E
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0089B37A
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0089B3AD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerReleaseValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3774927250-0
                                                                                                                                                                                                    • Opcode ID: ad9ace86ec66cb3e8c13186b1b88cb40042571cfa65e5a52dc25181df907877f
                                                                                                                                                                                                    • Instruction ID: c85a813a013393837fc2c856e12f2717523dddd38cc61cc959adfa44c2a886fd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad9ace86ec66cb3e8c13186b1b88cb40042571cfa65e5a52dc25181df907877f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E31D171A04204CFDB14EF6CF985BBA33A5FB95320F1C4229E655CB3A0DB76A851EB11
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: %.2x$%.8lx$,%.2x
                                                                                                                                                                                                    • API String ID: 4218353326-2969256346
                                                                                                                                                                                                    • Opcode ID: 7d071ec32ac13275e7937a89a631d6c591fecdd030d7cc6edd721a9e468d08e5
                                                                                                                                                                                                    • Instruction ID: 686f3a8f06726d9acecd08702310a763fb630899c76f7e6b2526580c8913114d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d071ec32ac13275e7937a89a631d6c591fecdd030d7cc6edd721a9e468d08e5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20F17EB15083819FDB11DF68C88162AFBE4FF95314F044A2EF895A7251EB70E948CB93
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                    • API String ID: 240046367-3206640213
                                                                                                                                                                                                    • Opcode ID: fd432f5b75abe73cb3192b419121784f12345210a862f76f011bf31cd77dfb1b
                                                                                                                                                                                                    • Instruction ID: 44a421c296b35971fe32f17b174a949d50669a17a6d33093cb4debc08de6519e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd432f5b75abe73cb3192b419121784f12345210a862f76f011bf31cd77dfb1b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26C1BC35904216DBCF248FACC9A57BEF7B8EF49700F28416AE811EB255D3399D41CBA1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0091311F
                                                                                                                                                                                                      • Part of subcall function 00900690: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,009192E1,00000001,00000001), ref: 009006B0
                                                                                                                                                                                                      • Part of subcall function 00900690: GetLastError.KERNEL32(?,?,009192E1,00000001,00000001), ref: 009006C2
                                                                                                                                                                                                      • Part of subcall function 00900690: SetLastError.KERNEL32(00000000,?,?,009192E1,00000001,00000001), ref: 009006F9
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 009131D4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExclusiveLastLock$AcquireCreateEventRelease
                                                                                                                                                                                                    • String ID: $2
                                                                                                                                                                                                    • API String ID: 629145919-4264767444
                                                                                                                                                                                                    • Opcode ID: d2be14994448f84b40be4c779ac56060ff2d9cabd9612866114cc50f47fa0a63
                                                                                                                                                                                                    • Instruction ID: 87b595b49250f071a98e5a95a4e6e06a66c1a506bd57a004373aafee1124b461
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2be14994448f84b40be4c779ac56060ff2d9cabd9612866114cc50f47fa0a63
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30E1E2B19047449FE710DF28C8857ABBBF4FF95304F008A1DE89A9B291D7B0E584CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008E3366
                                                                                                                                                                                                      • Part of subcall function 008E2E80: _strlen.LIBCMT ref: 008E2F5F
                                                                                                                                                                                                      • Part of subcall function 008E2E80: _strlen.LIBCMT ref: 008E2F95
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: ,$__DISABLED_OTHER_EVENTS$__OTHER_EVENTS
                                                                                                                                                                                                    • API String ID: 4218353326-275338912
                                                                                                                                                                                                    • Opcode ID: fb94274d393ff36c0cc57c6b45701ece858c875e1d750a168d166427ad784601
                                                                                                                                                                                                    • Instruction ID: d1c2e31359694e8f1e12db24c913b6b4151c07bd884c425ee83a0fc8ae7eeed3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb94274d393ff36c0cc57c6b45701ece858c875e1d750a168d166427ad784601
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37A166B1908381AFD711CF15C484A6BBBE4FF96358F05881DF88597261D770EE49CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?), ref: 008C858B
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 008C85AD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                    • String ID: ess-$phas
                                                                                                                                                                                                    • API String ID: 17069307-415257544
                                                                                                                                                                                                    • Opcode ID: 9906a6a0fb642d3d57266fcf4ecbf96d7d72920bbc283f1a2163ee59b4a72f7f
                                                                                                                                                                                                    • Instruction ID: a5ae366fe06f375e9425196afcc11b04ab0cebd3aaba90bf14bb99682ac8493a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9906a6a0fb642d3d57266fcf4ecbf96d7d72920bbc283f1a2163ee59b4a72f7f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F9122B1508341AFCB14DF24C885E6AB7B5FF88710F148A1DF8959B2A1EB70E905CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 008A2939
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LongNamePath
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$.tmp$CreateAndOpenTemporaryFileInDir
                                                                                                                                                                                                    • API String ID: 82841172-836254879
                                                                                                                                                                                                    • Opcode ID: 375d0cd91ebba2290d8e3bf19fcf17cbedd37145183a33791142d567373c6d58
                                                                                                                                                                                                    • Instruction ID: ed9651fca8ba0e55150ac6357110f9df99f4f43f32bebf0d6770be1ffafb1a44
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 375d0cd91ebba2290d8e3bf19fcf17cbedd37145183a33791142d567373c6d58
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F51D171908341ABE710EF28C881A6FBBA4FFC5724F444A2CF4A597292DB74D9458B43
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: %s%zu$restart_cmd_line_key_
                                                                                                                                                                                                    • API String ID: 4218353326-2004224652
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: , {
                                                                                                                                                                                                    • API String ID: 4218353326-2621827712
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?), ref: 00856454
                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?,?), ref: 00856499
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Actual removal of , xrefs: 008563A9
                                                                                                                                                                                                    • ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc, xrefs: 0085637A, 00856397
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryRemove
                                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc$Actual removal of
                                                                                                                                                                                                    • API String ID: 597925465-678036363
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(?,?), ref: 008A4499
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileHandleInformation
                                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::GetInfo$GetInfo
                                                                                                                                                                                                    • API String ID: 3935143524-2616935691
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,FFFFFFFF,00000000), ref: 008A40E8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::WriteAtCurrentPos$WriteAtCurrentPos
                                                                                                                                                                                                    • API String ID: 3934441357-2300577854
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,FFFFFFFF), ref: 008A41E2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileSize
                                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::GetLength$GetLength
                                                                                                                                                                                                    • API String ID: 3433856609-2366038222
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: BuffersFileFlush
                                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::Flush$Flush
                                                                                                                                                                                                    • API String ID: 1685522069-255115301
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 0093E536
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClassRegister
                                                                                                                                                                                                    • String ID: ../../base/win/message_window.cc$Failed to register the window class for a message-only window$MZx
                                                                                                                                                                                                    • API String ID: 2764894006-197181506
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00892BD2
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00892C0C
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00892DDE
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00892E18
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4092853384-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4218353326-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(04B371C8,?), ref: 00891388
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(04B371C8,FFFFFFFF,?,00000001,009B0FB4,?,00851CCA), ref: 00891479
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008914B9
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00891510
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2580794422-0
                                                                                                                                                                                                    • Opcode ID: 2bd7df126288058da250357cf899ff127fbd1e4f963f9d550eaae94f61286e06
                                                                                                                                                                                                    • Instruction ID: f655114093e22a3a680b8387564e3942fa5e43fa9b24cb46a7365e4ae6a400b3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2bd7df126288058da250357cf899ff127fbd1e4f963f9d550eaae94f61286e06
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8510271A047069BDF20EF24D845BBAB7B1FF95314F18822CE85697781E738E905CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                    • Opcode ID: f909c1dc535b4b763f73a571c0daacf383344cfe851b0bc91900d2e75302b00d
                                                                                                                                                                                                    • Instruction ID: 32fdcacffb14502595db7d6082ddf678f5be632fcb7dcf32098ba8ddf4b38b18
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f909c1dc535b4b763f73a571c0daacf383344cfe851b0bc91900d2e75302b00d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8451E476601A02DFDF2A8F98C845B7B73A9EF44310F16452DED058B2A1E731EE40CB90
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RaiseException.KERNEL32(E0000008,00000001,00000001,00100000,00000000,?,008C9CD9,008A6D3F,?,008A6D3F,00100000,?,?,?), ref: 008FA2D7
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00100000,?,E0000008,?,008C9CD9,008A6D3F,?,008A6D3F,00100000,?,?,?), ref: 0090A063
                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,E0000008,?,008C9CD9,008A6D3F,?,008A6D3F,00100000,?,?,?), ref: 0090A085
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,E0000008,?,008C9CD9,008A6D3F,?,008A6D3F,00100000,?,?,?), ref: 0090A0B0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireExceptionFreeRaiseReleaseVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 329190654-0
                                                                                                                                                                                                    • Opcode ID: 632512d8e555f0f16d3456e6a8f05b06927e0b0da182daced8f78e158e9b8e03
                                                                                                                                                                                                    • Instruction ID: 846dfe6b83cab7af50dac44f079e364e9737e344cd731c41bbe7683744d9a074
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 632512d8e555f0f16d3456e6a8f05b06927e0b0da182daced8f78e158e9b8e03
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60113F71624B086FE7106F54AC45B7E3728EB82F14F960024F724DB2D1CBA26D00A7EB
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00000000), ref: 008AA50F
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008AA54C
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008AA56A
                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008AA5C1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 374826692-0
                                                                                                                                                                                                    • Opcode ID: 8896c4bea29d924c48e5146a48298013c0cb9976ddbe669b5b6544f9422a59f9
                                                                                                                                                                                                    • Instruction ID: 1a804f5d493607177b395bac469d01f205393c9672a49254cbdecdf98a4bd4b6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8896c4bea29d924c48e5146a48298013c0cb9976ddbe669b5b6544f9422a59f9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05314D71614304AFC708DF59DC95A6BBBE9EBC8710F04C82EBA98C7761DA349844DB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008AE4E1
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008AE51E
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008AE530
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008AE56D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4092853384-0
                                                                                                                                                                                                    • Opcode ID: 715f5d6f064bd496a3da6f962a00f5ba97b81fcf3ddf21b6092239a266e47999
                                                                                                                                                                                                    • Instruction ID: cd7c0e65b64f70b55ed31e13008cc2de06e5b783507e7d654bf86c23347f90df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 715f5d6f064bd496a3da6f962a00f5ba97b81fcf3ddf21b6092239a266e47999
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7331E3B2A05600CFF310DF5CE895F2637A5FB8A314F058464E90D8B7A2D371AC41DB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E1E5
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E247
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E259
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E292
                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2234156424-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E325
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E387
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E399
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E3D2
                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2234156424-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,009192E1,00000001,00000001), ref: 009006B0
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,009192E1,00000001,00000001), ref: 009006C2
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,009192E1,00000001,00000001), ref: 009006F9
                                                                                                                                                                                                      • Part of subcall function 008A8370: GetHandleVerifier.ASSISTANT_INSTALLER(?,?,008A631A,?,00000000,?,009F4CF8,?,?,?,?,008A648D,00000000), ref: 008A8377
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,009192E1,00000001,00000001), ref: 00900725
                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorEventLast$CreateHandleResetVerifier
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 794520543-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00892A05
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00892A3B
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00892A4D
                                                                                                                                                                                                      • Part of subcall function 009794E7: EnterCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009794F2
                                                                                                                                                                                                      • Part of subcall function 009794E7: LeaveCriticalSection.KERNEL32(009F4FC0,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 0097952F
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00892A87
                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2234156424-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000030,00000000,00919030,?,?,?,00918FAB,00000000,00000000,?,?,0093D98D,?,?,00919030,?), ref: 0090F55F
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000030,?,?,?,FF355567,?,?,?,?,?,?,0093D81F,0093D7B9), ref: 0090F572
                                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000024,00000000,00919030,?,?,?,00918FAB,00000000,00000000,?,?,0093D98D,?,?,00919030,?), ref: 0090F58B
                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000024,?,?,?,FF355567,?,?,?,?,?,?,0093D81F,0093D7B9), ref: 0090F59E
                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 17069307-0
                                                                                                                                                                                                    • Opcode ID: a81a3291b8d4f8a5b314df5966e787c844dffd9ff6a47ff01bd8f07b998f6d2c
                                                                                                                                                                                                    • Instruction ID: 39aa444b7a94f89b9d474f9a1dbff57503b1a2c851deb323e2c3f5503d0cb9f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a81a3291b8d4f8a5b314df5966e787c844dffd9ff6a47ff01bd8f07b998f6d2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C117C312002008FCB259F25D8A1A7A7BAAFFC5320B04492DF4464BB91CB34ED069BA2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,00000000,0099053E,00000000,?,0099F7C1,008910E1,008910E1,0099053E,?,?,008910E1,008910E1,00000001), ref: 00990614
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,0099F7C1,008910E1,008910E1,0099053E,?,?,008910E1,008910E1,00000001,00000000,00000000,?,0099053E,008910E1,008A1595), ref: 0099061E
                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00990625
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                                    • Opcode ID: 74ff47725f9c71bbbfedc4cc0350678a1a3b0bd4e8b0695a21205a639fed75aa
                                                                                                                                                                                                    • Instruction ID: 473e77865ecf817bf8e61b3ec0f7945b5bae4fd96cb1be527edf14e7e230cfbb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74ff47725f9c71bbbfedc4cc0350678a1a3b0bd4e8b0695a21205a639fed75aa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAF0FB32604115BF8F206BAAD848D5AFF6DFEC43A03158A15F569CA120CB31E861EBE1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,00000000,0099053E,00000000,?,0099F836,008910E1,008910E1,?,?,008910E1,008910E1,00000001,00000000), ref: 00990559
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,0099F836,008910E1,008910E1,?,?,008910E1,008910E1,00000001,00000000,00000000,?,0099053E,008910E1,008A1595,?), ref: 00990563
                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0099056A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                                    • Opcode ID: a829c59474b9d7e1360b87c769cc820777def7b011531148b478851cfdf8d8ea
                                                                                                                                                                                                    • Instruction ID: ef31808d134a1b67e49b1a7deba94167353509cd35d063df0446a6980e1c0dc1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a829c59474b9d7e1360b87c769cc820777def7b011531148b478851cfdf8d8ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24F0FB32604115BF9F206FAADC48D56BF6DFE847A03158515B569C6120CB31E851EBE2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0099F865,00000000,00000001,00000000,00000000,?,00990D7B,?,?,00000000), ref: 009A64B0
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,0099F865,00000000,00000001,00000000,00000000,?,00990D7B,?,?,00000000,?,00000000,?,0099080F,00000000), ref: 009A64BC
                                                                                                                                                                                                      • Part of subcall function 009A6510: CloseHandle.KERNEL32(FFFFFFFE,009A64CC,?,0099F865,00000000,00000001,00000000,00000000,?,00990D7B,?,?,00000000,?,00000000), ref: 009A6520
                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 009A64CC
                                                                                                                                                                                                      • Part of subcall function 009A64EE: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009A648A,0099F852,00000000,?,00990D7B,?,?,00000000,?), ref: 009A6501
                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0099F865,00000000,00000001,00000000,00000000,?,00990D7B,?,?,00000000,?), ref: 009A64E1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                    • Opcode ID: 1454499ef8c490ddd61d880412536843c0fdb72634c30f6723fee214c1b3f18d
                                                                                                                                                                                                    • Instruction ID: 6df0a80e8b6873cbf6e70134d24692d1e50913e2bbd03ef7493f9de3ff815bd9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1454499ef8c490ddd61d880412536843c0fdb72634c30f6723fee214c1b3f18d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24F03936514159BBCF222FA5DC08ADA3F66FB493A0B194414FA2889530CA72DC60EBD1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SleepConditionVariableCS.KERNELBASE(?,0097950C,00000064), ref: 009795CA
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(009F4FC0,?,?,0097950C,00000064,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000), ref: 009795D4
                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(?,00000000,?,0097950C,00000064,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000), ref: 009795E5
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(009F4FC0,?,0097950C,00000064,?,?,?,008DEFCF,009F5134,?,?,?,?,008DEBD1,00000000,00000000), ref: 009795EC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3269011525-0
                                                                                                                                                                                                    • Opcode ID: f525dbc76e6cde2fbd94dd6b35b21ba7e45ef6c6e3adc13f32b4b36073b47eb0
                                                                                                                                                                                                    • Instruction ID: 6bb2ba2ac0828cd712f0b2fdb57e1286f0225b3c2e18a26ee20a4f6222cfd5c7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f525dbc76e6cde2fbd94dd6b35b21ba7e45ef6c6e3adc13f32b4b36073b47eb0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18E09232568238ABCB021B90EC08AAA7F69EF49761B054014FA0D5A1708B616D00EBD5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: ScopedBlockingCall
                                                                                                                                                                                                    • API String ID: 4218353326-1243657212
                                                                                                                                                                                                    • Opcode ID: c28d4613e0628d8d012bae4be16d912a2ab3b432fd2a8da51c3a6db44b667496
                                                                                                                                                                                                    • Instruction ID: 16e357770ebfb974a824251fc0a975adb1d8a4dfc3fa380bf651325b1d89c25b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c28d4613e0628d8d012bae4be16d912a2ab3b432fd2a8da51c3a6db44b667496
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6B16FB0600B019FDB24DF29C981B16B7E1FF88724F548A2DE4AA87B91D771F905CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ScopedBlockingCallWithBaseSyncPrimitives, xrefs: 0089AB14
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                    • String ID: ScopedBlockingCallWithBaseSyncPrimitives
                                                                                                                                                                                                    • API String ID: 4218353326-1856630658
                                                                                                                                                                                                    • Opcode ID: cb771750c811282bf59eca2c08619643570a6924bc4f1a612aa89c91216695d6
                                                                                                                                                                                                    • Instruction ID: e21bf3ac3b349f4dc525da647d569ec94085b776c92fc0c856bf7afc4c8e091c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb771750c811282bf59eca2c08619643570a6924bc4f1a612aa89c91216695d6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43B15DB0600B019FDB24DF29C981B17B7E1FF88724F548A2DE49A87B91D771F8058B91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 008A2D05
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 008A2A52
                                                                                                                                                                                                    • CreateTemporaryDirInDir, xrefs: 008A2A57
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$CreateTemporaryDirInDir
                                                                                                                                                                                                    • API String ID: 4241100979-140310067
                                                                                                                                                                                                    • Opcode ID: 8084ec2e3085804ce850bb367ed520aba5563cab07a688e03a1c58437881f18e
                                                                                                                                                                                                    • Instruction ID: ed67d1732f0ae30366850b0f008c0bc299c5dfe6ebdc33b5c7008851f678a89a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8084ec2e3085804ce850bb367ed520aba5563cab07a688e03a1c58437881f18e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43A1D2B15083819BE710AF18C881B6FBBE4FFD6328F040A1DF4D5A7292D735AA498757
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SHAssocEnumHandlersForProtocolByApplication.SHELL32(?,009ACEF4,00000000), ref: 00863219
                                                                                                                                                                                                    • IIDFromString.OLE32({CA635855-B44E-4541-9591-9FAA53354A53},?,FFFFFFFF), ref: 0086338C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • {CA635855-B44E-4541-9591-9FAA53354A53}, xrefs: 00863387
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ApplicationAssocEnumFromHandlersProtocolString
                                                                                                                                                                                                    • String ID: {CA635855-B44E-4541-9591-9FAA53354A53}
                                                                                                                                                                                                    • API String ID: 1503932110-2735895030
                                                                                                                                                                                                    • Opcode ID: fce33a9c6b197e1e1211e1a6fc35885149fdb722e8e7508d663245a94d7db663
                                                                                                                                                                                                    • Instruction ID: 26b20d8c2ef8de7879f0bc134d8ae33a2edbda969a95380099bf2f0d8b13cc59
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fce33a9c6b197e1e1211e1a6fc35885149fdb722e8e7508d663245a94d7db663
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 517177716083129BDB10CF24D594A6BBBE4FF88714F15891CF89ADB390DB30EA45CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 0084CD83
                                                                                                                                                                                                      • Part of subcall function 0098D9B4: IsProcessorFeaturePresent.KERNEL32(00000017,00996F16,?,0098C03F,?,?,?,00000000,?,?,0084CEDF,?,?,?,0087EE62,?), ref: 0098D9D0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FeaturePresentProcessor_strlen
                                                                                                                                                                                                    • String ID: ... (message truncated)$[%s : %d] RAW:
                                                                                                                                                                                                    • API String ID: 2631407230-3262997248
                                                                                                                                                                                                    • Opcode ID: d62d40a201435898d399134c15c8de721a53e742c71b9b657d15f034a27053fd
                                                                                                                                                                                                    • Instruction ID: 44df4ebc12d2929c9a7b4949d400d8e983db8183c758c70e9730d09a287d4784
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d62d40a201435898d399134c15c8de721a53e742c71b9b657d15f034a27053fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E451F772A01219AFDF14EF68DC81EEB7BB9FF85354F044069F90997251EB319A14CBA0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008E2F5F
                                                                                                                                                                                                    • _strlen.LIBCMT ref: 008E2F95
                                                                                                                                                                                                      • Part of subcall function 009248D0: EventUnregister.ADVAPI32(?,?,00000000,?,008E2F09,Google.Chrome,009B8194,008E2FF0,00000000), ref: 009248E4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _strlen$EventUnregister
                                                                                                                                                                                                    • String ID: Google.Chrome
                                                                                                                                                                                                    • API String ID: 303537305-2537414952
                                                                                                                                                                                                    • Opcode ID: 19a7cad9bd3297d9e03cba99a91618e9fd353eb9bbab4ad8f64b7ebad99fee66
                                                                                                                                                                                                    • Instruction ID: cb3803b5a43a0b98a4c8e1b85645b0d8074a8a08f2d564f03dcd3ad1973a66b7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19a7cad9bd3297d9e03cba99a91618e9fd353eb9bbab4ad8f64b7ebad99fee66
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B4142B1D012189FDB04DF99D881BDEBBF9FF88314F148069E405AB241DB759946CBD1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0086051B: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 0086053C
                                                                                                                                                                                                      • Part of subcall function 0086051B: OpenProcessToken.ADVAPI32(00000000,00000020,?,?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 00860546
                                                                                                                                                                                                      • Part of subcall function 0086051B: LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00860577
                                                                                                                                                                                                      • Part of subcall function 0086051B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 008605A9
                                                                                                                                                                                                      • Part of subcall function 0086051B: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0086043C,SeTakeOwnershipPrivilege), ref: 008605B3
                                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(?,?,00000001,00000000,00000000,00000000,00000000,SeTakeOwnershipPrivilege), ref: 00860489
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,SeTakeOwnershipPrivilege), ref: 008604D2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorFreeInfoLastLocalLookupNamedOpenPrivilegePrivilegesSecurityValue
                                                                                                                                                                                                    • String ID: SeTakeOwnershipPrivilege
                                                                                                                                                                                                    • API String ID: 3132948474-3375656754
                                                                                                                                                                                                    • Opcode ID: 4395643f17544564e13545be77caa8e5749e7126c53be3d549dc718f02636573
                                                                                                                                                                                                    • Instruction ID: 4215ab3d06c735340f0eae4c497bd88d12d2793a1b94fde02ee20fd3cc73b41d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4395643f17544564e13545be77caa8e5749e7126c53be3d549dc718f02636573
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA31F471B002299BEF20BB64CC4567FB765FF84314F068029F857E7291CF3169068AD6
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00995481
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ___except_validate_context_record
                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                    • API String ID: 3493665558-3733052814
                                                                                                                                                                                                    • Opcode ID: 554a815cace5fc91863a36511fca7fc49a8331200172b1ac0a182433cc8be56d
                                                                                                                                                                                                    • Instruction ID: e703a3b4afb4b5bb17841153a9ff88d03b07c3ac533cb774b368ec5ffaf3d99b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 554a815cace5fc91863a36511fca7fc49a8331200172b1ac0a182433cc8be56d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C31B372800A15EBCF278F5CC8449AF7B6AFF49315B1B4559F85849122C332CDA2DB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                    • String ID: 3333$3333
                                                                                                                                                                                                    • API String ID: 4168288129-1524365199
                                                                                                                                                                                                    • Opcode ID: 955c55394dac995f3408dca2a01a1b2e5a68fa8db786e2c24b4584d50b56ffda
                                                                                                                                                                                                    • Instruction ID: a9b79363b1b30d29e8227e186a516ef581bf7397cd88441d56db830b3e5cfa04
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 955c55394dac995f3408dca2a01a1b2e5a68fa8db786e2c24b4584d50b56ffda
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55214032B1460C8BCB15D93DC84216EF3E5FF96351B19CB39E8C6E7291E731A4D98641
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                    • String ID: 3333$3333
                                                                                                                                                                                                    • API String ID: 4168288129-1524365199
                                                                                                                                                                                                    • Opcode ID: 955c55394dac995f3408dca2a01a1b2e5a68fa8db786e2c24b4584d50b56ffda
                                                                                                                                                                                                    • Instruction ID: bec4acf781ce167de6d75d154a6e93f425bfba17bee763a2da0ab316dbdc4910
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 955c55394dac995f3408dca2a01a1b2e5a68fa8db786e2c24b4584d50b56ffda
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57214772B1460C4BCB05EA3DC84222EF7E6EF96350719CB3EE546EB242FB3594918642
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 008A30CF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$GetFileInfo
                                                                                                                                                                                                    • API String ID: 3188754299-477665002
                                                                                                                                                                                                    • Opcode ID: 758df1bef9768127fe402ad22486ce7e0c22468d4a1fc4bd39db28854cab74e3
                                                                                                                                                                                                    • Instruction ID: c64dd0c6e2d5fddb77933efe254518cc54cdce8a8cbeca37a27ae3d6e0dcadf7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 758df1bef9768127fe402ad22486ce7e0c22468d4a1fc4bd39db28854cab74e3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD31CE72908B81ABD3119F28C84196AFBA4FFCA360F104B1DF9E456591EB70D6958B82
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0085F492
                                                                                                                                                                                                      • Part of subcall function 0085FADF: FormatMessageA.KERNEL32(00001200,00000000,?,00000409,?,00000100,00000000), ref: 0085FB23
                                                                                                                                                                                                      • Part of subcall function 0085FADF: _strlen.LIBCMT ref: 0085FB47
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Unexpected result when waiting for elevated process: , xrefs: 0085F4EA
                                                                                                                                                                                                    • Failed wait for the elevated process: , xrefs: 0085F4C4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FormatMessageObjectSingleWait_strlen
                                                                                                                                                                                                    • String ID: Failed wait for the elevated process: $Unexpected result when waiting for elevated process:
                                                                                                                                                                                                    • API String ID: 2759725772-2013727604
                                                                                                                                                                                                    • Opcode ID: 404045c377873238414ccf3b09ace4dfbb2f5b9096f6d173f09b1db4c34633f8
                                                                                                                                                                                                    • Instruction ID: 7ae486a84b09819eff4352eefd395a37600f0e029b31899b7a90c2d582b0ba0b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 404045c377873238414ccf3b09ace4dfbb2f5b9096f6d173f09b1db4c34633f8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A31D4B1904210AFCB11AF28DC45A5BBBE8FFC6314F048569F95ADB2A2D7319948C753
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateWindowExW.USER32 ref: 0093E743
                                                                                                                                                                                                      • Part of subcall function 0093E4D0: RegisterClassExW.USER32(00000030), ref: 0093E536
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/win/message_window.cc, xrefs: 0093E772
                                                                                                                                                                                                    • Failed to create a message-only window, xrefs: 0093E784
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClassCreateRegisterWindow
                                                                                                                                                                                                    • String ID: ../../base/win/message_window.cc$Failed to create a message-only window
                                                                                                                                                                                                    • API String ID: 3469048531-3362469768
                                                                                                                                                                                                    • Opcode ID: 00cd3a6eaa1d19f1e267e504b0b1c4ea17c0f6b8fccfa86a95b607e9a2489782
                                                                                                                                                                                                    • Instruction ID: 64b0d10ea3470419a822077967d323ce61ae4690a51d6503651cd5e3943aba18
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00cd3a6eaa1d19f1e267e504b0b1c4ea17c0f6b8fccfa86a95b607e9a2489782
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B531F970A047085BD710BF58A846B2ABBA5FFC8714F408529FA495B3D2D7709904CB63
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00939002
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/filesystem_win.cc, xrefs: 0093904F
                                                                                                                                                                                                    • GetFileAttributes , xrefs: 00939061
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/filesystem_win.cc$GetFileAttributes
                                                                                                                                                                                                    • API String ID: 3188754299-264061613
                                                                                                                                                                                                    • Opcode ID: a89f48320b975f3910f44360b8944604293bffd82b48b5d92472b894e8728256
                                                                                                                                                                                                    • Instruction ID: 4c8f136282e74258679cf4de7d449b2a54ed07bbfc0a9622165b7959b103e4e4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a89f48320b975f3910f44360b8944604293bffd82b48b5d92472b894e8728256
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26214071A002186FEB10AB68DC86FA97768EF45314F0440A4F91DD72C3E771AE49CF62
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 0093A68A
                                                                                                                                                                                                    • CreateFile , xrefs: 0093A69C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$CreateFile
                                                                                                                                                                                                    • API String ID: 823142352-2196637939
                                                                                                                                                                                                    • Opcode ID: d07c758d64a40317ff761ab0b093a2af138858883a4cb7256102275a3a256272
                                                                                                                                                                                                    • Instruction ID: 84d6e4ae7cebd4d40309a7626b947ac2d1083f32fdec3762aa1bbfab39c0d1e5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d07c758d64a40317ff761ab0b093a2af138858883a4cb7256102275a3a256272
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D821D971D042285BEF10AF68DC96FA9B7B4EF55304F0441A9F8899B292E7305E44CFA3
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 008A344F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • GetCurrentDirectoryW, xrefs: 008A3411
                                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 008A340C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$GetCurrentDirectoryW
                                                                                                                                                                                                    • API String ID: 1611563598-109067590
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LockFileEx.KERNEL32(00000000,8408C483,00000000,-00000001,-00000001,?), ref: 0093A96B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 0093A998
                                                                                                                                                                                                    • LockFileEx, xrefs: 0093A9A8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileLock
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$LockFileEx
                                                                                                                                                                                                    • API String ID: 3169042693-1251665049
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00900802
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../base/synchronization/waitable_event_win.cc, xrefs: 009007C5
                                                                                                                                                                                                    • Wait, xrefs: 009007CA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ObjectSingleWait
                                                                                                                                                                                                    • String ID: ../../base/synchronization/waitable_event_win.cc$Wait
                                                                                                                                                                                                    • API String ID: 24740636-241924016
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • UnlockFileEx.KERNEL32(009083D0,00000000,-00000001,-00000001,?), ref: 0093AA15
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • UnlockFileEx, xrefs: 0093AA52
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 0093AA42
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileUnlock
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$UnlockFileEx
                                                                                                                                                                                                    • API String ID: 45017762-3846138344
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LockFileEx.KERNEL32(?,-00000001,00000000,000000FF,000000FF), ref: 008A45C7
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,-00000001,00000000,000000FF,000000FF), ref: 008A45D3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLastLock
                                                                                                                                                                                                    • String ID: File::Lock
                                                                                                                                                                                                    • API String ID: 1811722133-2527957272
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E544
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E57D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %m/%d/%y
                                                                                                                                                                                                    • API String ID: 4092853384-2272391455
                                                                                                                                                                                                    • Opcode ID: 73a71360149ea3fac394ce4f07b5f5b99dfcc43fbe23f5d6a7152b005e30b136
                                                                                                                                                                                                    • Instruction ID: 4de5dc17bd0017f753d5efc4f328763a40dfb3d365e3027ce97b8f4ab5a08ce4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73a71360149ea3fac394ce4f07b5f5b99dfcc43fbe23f5d6a7152b005e30b136
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 040196B2900649CFE320DF5CE846B65B7B5F784768F00C179F51987391E739A944CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E464
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E49D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %m/%d/%y
                                                                                                                                                                                                    • API String ID: 4092853384-2272391455
                                                                                                                                                                                                    • Opcode ID: 07a0466739bd8481a96f6a2a73c3b4ff9955ccd1edc8629b8a76a751a5743528
                                                                                                                                                                                                    • Instruction ID: 421c6f8d6f2263f574145ddf8369d8d6a85cc195f02d853c81c68526612f60cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07a0466739bd8481a96f6a2a73c3b4ff9955ccd1edc8629b8a76a751a5743528
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B01A1B1A006089FD720EF5CD846B25B7A0FB85774F10C165E61987792D3399900CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E624
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E65D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %H:%M:%S
                                                                                                                                                                                                    • API String ID: 4092853384-1434664181
                                                                                                                                                                                                    • Opcode ID: 4c2ce41e736d510f32a4bcf3336db91c66cc4495b98a14401ce4610539896ef6
                                                                                                                                                                                                    • Instruction ID: 7480f774bd52bf765f0406df966c5922b42a2833626e477a020ca52fe3f9fe11
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c2ce41e736d510f32a4bcf3336db91c66cc4495b98a14401ce4610539896ef6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 590180B2A007458FD320EF6CD84AB25B7B5FB947A8F00C579E61987791E3399901CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E704
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E73D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %H:%M:%S
                                                                                                                                                                                                    • API String ID: 4092853384-1434664181
                                                                                                                                                                                                    • Opcode ID: 25769a508ebedf573050773eae1aad402dcd43bf62a6f47845ac207516af88b6
                                                                                                                                                                                                    • Instruction ID: f168081d6bd63e4d0959ddd05d209a126baf8cd6d3710bfc890d5df60df39c41
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25769a508ebedf573050773eae1aad402dcd43bf62a6f47845ac207516af88b6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C801D2B2A00648CFD320EF5CD846B25B7B0FB88764F00C1B9F6198B392D3399901CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E7E4
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E81D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %a %b %d %H:%M:%S %Y
                                                                                                                                                                                                    • API String ID: 4092853384-1318879718
                                                                                                                                                                                                    • Opcode ID: 90329f553a3af01875e44b3426e3e687c9416e9ed5c2a610bfbc5766584761c8
                                                                                                                                                                                                    • Instruction ID: e52be6f766d73b3a61504ec862de7e2fca6a505b6716e7a1fc0426d8217b4b67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90329f553a3af01875e44b3426e3e687c9416e9ed5c2a610bfbc5766584761c8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB01C4B59007048FD310DF98D846B2577A8F784B64F00C575E51987791D33A9940DB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E8C4
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E8FD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %a %b %d %H:%M:%S %Y
                                                                                                                                                                                                    • API String ID: 4092853384-1318879718
                                                                                                                                                                                                    • Opcode ID: 759aca95b7e97db01e3ed83dff35b1f17ac25c2cc70b03db31a8382042030f83
                                                                                                                                                                                                    • Instruction ID: 9cb2609a9b04c5433d2e494c90e57423218f0d932174f1f8e2533005654abb98
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 759aca95b7e97db01e3ed83dff35b1f17ac25c2cc70b03db31a8382042030f83
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0101C4B29107048FD320DF68E846B25B7A4F788764F00C176F61987381D3399900CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087E9A4
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087E9DD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %I:%M:%S %p
                                                                                                                                                                                                    • API String ID: 4092853384-611667740
                                                                                                                                                                                                    • Opcode ID: f06b1708cb37b5704eeab04e9c361667a2fb61d124f1c296075fbc6c533c2ab9
                                                                                                                                                                                                    • Instruction ID: 89cf0be14120ed310229f628d5436bcdbabf83ae85afc9171bf9a31a21df799d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f06b1708cb37b5704eeab04e9c361667a2fb61d124f1c296075fbc6c533c2ab9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B0184B2900748DFD310DF6CD846B25BBA0FB84724F00C575E61D8B391D3B5A940CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 0087EA84
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0087EABD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: %I:%M:%S %p
                                                                                                                                                                                                    • API String ID: 4092853384-611667740
                                                                                                                                                                                                    • Opcode ID: e311777c91c01ed693e6fa3dec163c79a169ab6dfae6e8d1cbef536442932dde
                                                                                                                                                                                                    • Instruction ID: a0b4d59144b32ea502031d8850ba155a264c5da48e70cc4e330bdc9fc892ee95
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e311777c91c01ed693e6fa3dec163c79a169ab6dfae6e8d1cbef536442932dde
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE01D2B2A00644CFD320EF5CD846B29B7A0F789B24F10C1B9E61997392D3B59A40CB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(../../third_party/crashpad/crashpad/client/crashpad_client_win.cc,0000032C,00000002), ref: 008BC73B
                                                                                                                                                                                                      • Part of subcall function 008BC770: Sleep.KERNEL32(00000001), ref: 008BC795
                                                                                                                                                                                                      • Part of subcall function 008BC770: GetCurrentProcess.KERNEL32(../../third_party/crashpad/crashpad/client/crashpad_client_win.cc,000000AF,00000002), ref: 008BC874
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • not connected, xrefs: 008BC726
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc, xrefs: 008BC714
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentProcess$Sleep
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$not connected
                                                                                                                                                                                                    • API String ID: 4112775895-3685228723
                                                                                                                                                                                                    • Opcode ID: 52fea34cea8b8ccff7520f980bfba2f58c961177695ce657ba6beb9c6eba1025
                                                                                                                                                                                                    • Instruction ID: fc3c101b72ee1445af97593875ee9b4772f225ccc34cece7ac541e07e2dab3f1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52fea34cea8b8ccff7520f980bfba2f58c961177695ce657ba6beb9c6eba1025
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B01D661A1031867DA107BB8AC4BFED7B26EF45720F400124B559AA2D2EB315A448697
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00948B30,00000000,00000000,00000000), ref: 00948ADF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/thread/thread_win.cc, xrefs: 00948B01
                                                                                                                                                                                                    • CreateThread, xrefs: 00948B18
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/thread/thread_win.cc$CreateThread
                                                                                                                                                                                                    • API String ID: 2422867632-2064233884
                                                                                                                                                                                                    • Opcode ID: f0c3f7c6deb47fd594366c12dcbfd9d186e5dc22d643f8011519b58eade8f73d
                                                                                                                                                                                                    • Instruction ID: 4c8b84eb37bf9e5691a4da1769301001913cd1c1c5098544a3cb1c5752829ef1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0c3f7c6deb47fd594366c12dcbfd9d186e5dc22d643f8011519b58eade8f73d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24F0F6B1E503143BD6007BBC6C07EBF7B6CDF40714F40452AF805E7281FE60AA00469A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindClose.KERNEL32(00939B54,00939B54,?), ref: 008FC818
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/scoped_handle.cc, xrefs: 008FC837
                                                                                                                                                                                                    • FindClose, xrefs: 008FC84E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
• Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseFind
                                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/scoped_handle.cc$FindClose
                                                                                                                                                                                                    • API String ID: 1863332320-1337471325
                                                                                                                                                                                                    • Opcode ID: b883ebd0eed86b15f976eb601a86878675a02c73e5ee7148b16922e05f8167fb
                                                                                                                                                                                                    • Instruction ID: 6205f7effb7d432ac0a65523000aad871699c512c38ff33257bb42d715fb90c3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b883ebd0eed86b15f976eb601a86878675a02c73e5ee7148b16922e05f8167fb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69F08271F5031C67CA047B6CAC47AED7B28EF84764F404129FA06AB282FE206A0486D6
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 008CC37C
                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 008CC3AB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                                    • String ID: dummy_histogram
                                                                                                                                                                                                    • API String ID: 4092853384-2199933292
                                                                                                                                                                                                    • Opcode ID: 36fa2df47aa367a58dd82d4af8d5eda392972468b36f37d1cf880df59a3ec8da
                                                                                                                                                                                                    • Instruction ID: 463603f5bf661b8335ee7ad71c1014a83d79db81fe017d2f8a3d50c2236a8bac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36fa2df47aa367a58dd82d4af8d5eda392972468b36f37d1cf880df59a3ec8da
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FF0EC31244A44D7C320A768B912F397361F385718B494229E73D863B2CF31AC41DBD6
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 008DEB9E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 008DEBAA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000C.00000002.2549113932.0000000000841000.00000020.00000001.01000000.00000014.sdmp, Offset: 00840000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549095108.0000000000840000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009A7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549239585.00000000009D5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549301428.00000000009F0000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549316444.00000000009F1000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    • Associated: 0000000C.00000002.2549340624.00000000009FB000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_840000_assistant_installer.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: GetHandleVerifier
                                                                                                                                                                                                    • API String ID: 1646373207-1090674830
                                                                                                                                                                                                    • Opcode ID: 44ef5db10af0315572a60b566acc947c4af97d96e9598db70a28fed7ec180b73
                                                                                                                                                                                                    • Instruction ID: 8730c4e5abd8d7cd971cdd0df3d51f4b4bbbfe4e8a9d15d7a21968dde088322f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44ef5db10af0315572a60b566acc947c4af97d96e9598db70a28fed7ec180b73
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAD0173029C604A7D6403BB1AC0AF353358F704B2EF114512F34AED6E0CAA0B800DA57
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%